AJAX_JSON_XSS_POC / index.php
root on 30 Jun 895 bytes initial commit
<?php

?>
<html>
<head>
	<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:">
	<script src="jquery.min.js"></script>
</head>
<body>
	<div id="testDiv">Initial Contents</div>

	<script>
		// Proof-of-concept page: once the DOM is ready, fetch /ajax_response.php as
		// JSON and write the response's `body` field into #testDiv.
		// Security note: the handlers below contain two code-execution sinks that
		// consume server-supplied data, jQuery's .html() and eval(). The page's CSP
		// meta tag allows 'unsafe-inline' and 'unsafe-eval', so CSP blocks neither.
		$(document).ready(function() {
			console.log("starting");
        
            $.ajax({
                url: "/ajax_response.php",
                // jQuery parses the response as JSON; a body that fails to parse
                // is routed to the error callback instead of success.
                dataType: "json",
                // Asks jQuery not to reuse a cached response for this request.
                cache: false,
                // Called with the parsed JSON object when the request succeeds.
                success: function(data) {
                	console.log("got data");
                    // Sink: .html() parses data.body as markup, so any script or
                    // event-handler content in that field runs in this origin.
                    // Mitigation: use .text() for plain text, or sanitize the
                    // markup before inserting it.
                    $('#testDiv').html(data.body);
                },  
                // Called when the request fails or the response is not valid JSON.
                error: function(xhr, status, error) {
				  // Sink: eval() runs the raw response text as JavaScript. `err` is
				  // never read afterwards, so the call only has that side effect.
				  // Mitigation: parse with JSON.parse inside try/catch instead.
				  var err = eval("(" + xhr.responseText + ")");
				  console.log(xhr);
				  //alert(err.Message);
				  // Sink: same .html() issue as in the success handler.
				  // NOTE(review): responseJSON is presumably undefined when the body
				  // failed to parse, in which case this line throws a TypeError.
				  $('#testDiv').html(xhr.responseJSON.body);
				}          
            });              
        

    });
	</script>
</body>