AJAX_JSON_XSS_POC / index.php
root on 30 Jun 2020 895 bytes initial commit
<?php
/*
 * Intentionally vulnerable demo page (repository path: AJAX_JSON_XSS_POC).
 * It fetches JSON from /ajax_response.php and writes a field of that JSON
 * into the DOM as markup, which is the DOM-XSS pattern under demonstration.
 *
 * Security-relevant pieces, in page order:
 *  - The Content-Security-Policy meta tag sets default-src to * together with
 *    'unsafe-inline' and 'unsafe-eval'. That allows script loads from any
 *    host, inline scripts and event-handler attributes, and eval(), so the
 *    policy puts no brake on injected script. Only img-src is narrowed
 *    (same origin plus data: URIs).
 *  - success handler: $('#testDiv').html(data.body) is an HTML-parsing sink.
 *  - error handler: eval() of xhr.responseText, then a second .html() sink.
 *
 * NOTE(review): /ajax_response.php is not part of this file; the comments
 * below assume its "body" field can carry attacker-influenced text.
 *
 * What a hardened version would change: write the value with .text() (or
 * pass it through an HTML sanitiser), read error bodies with JSON.parse
 * instead of eval, and drop 'unsafe-inline' / 'unsafe-eval' from the CSP in
 * favour of a script-src limited to the page's own scripts.
 */
?>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:">
<script src="jquery.min.js"></script>
</head>
<body>
<div id="testDiv">Initial Contents</div>

<script>
// Runs once the DOM is ready, then issues a single AJAX request.
$(document).ready(function() {
console.log("starting");
$.ajax({
url: "/ajax_response.php",
// jQuery parses the response as JSON before calling success; a body that
// fails to parse is routed to the error callback instead.
dataType: "json",
// cache: false makes jQuery add a cache-busting query parameter.
cache: false,
success: function(data) {
console.log("got data");
// Sink: .html() parses data.body as markup, so any script or event-handler
// attribute inside it runs in this page's origin. The CSP above does not
// block that. .text() would insert the same value as inert text.
$('#testDiv').html(data.body);
},
error: function(xhr, status, error) {
// Sink: direct eval executes the raw response text as JavaScript, with
// access to this handler's locals (xhr, status, error). The result is
// only referenced by the commented-out alert below. If the text is not
// valid JavaScript, eval throws and the rest of the handler is skipped.
// JSON.parse reads a JSON body without executing it.
var err = eval("(" + xhr.responseText + ")");
console.log(xhr);
//alert(err.Message);
// Second HTML sink, on the error path. jQuery sets xhr.responseJSON only
// when it parsed the body as JSON; otherwise this property access throws.
// NOTE(review): confirm the error responses used in the demo are JSON.
$('#testDiv').html(xhr.responseJSON.body);
}
});

});
</script>
</body>