0xRoM / AJAX_JSON_XSS_POC
Transfer to URL with SHA Find file
Newer
Older
AJAX_JSON_XSS_POC / index.php
root on 30 Jun 2020 895 bytes initial commit
Raw Blame History 
  1. <?php
  2.  
  3. ?>
  4. <html>
  5. <head>
  6. 	<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:">
  7. 	<script src="jquery.min.js"></script>
  8. </head>
  9. <body>
  10. 	<div id="testDiv">Initial Contents</div>
  11.  
  12. 	<script>
  13. 		$(document).ready(function() {
  14. 			console.log("starting");
  15.         
  16.             $.ajax({
  17.                 url: "/ajax_response.php",
  18.                 dataType: "json",
  19.                 cache: false,
  20.                 success: function(data) {
  21.                 	console.log("got data");
  22.                     $('#testDiv').html(data.body);
  23.                 },  
  24.                 error: function(xhr, status, error) {
  25. 				  var err = eval("(" + xhr.responseText + ")");
  26. 				  console.log(xhr);
  27. 				  //alert(err.Message);
  28. 				  $('#testDiv').html(xhr.responseJSON.body);
  29. 				}          
  30.             });              
  31.         
  32.  
  33.     });
  34. 	</script>
  35. </body>
Buy Me A Coffee