Skip to content
/ uxss-poc Public

Universal xss PoC with multiple target sites (CVE-2015-0072)

License

MIT license
7 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dbellavista/uxss-poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
app.js
app.js
 
 
conf.json
conf.json
 
 
package.json
package.json
 
 

Repository files navigation

Universal Cross Site Scripting PoC

This is a PoC for CVE-2015-0072 for sequentialy get the targeted websites cookies.

Disclaimer

This Proof of Concept is for educational purpose only. Please do not use it against any system without prior permission. You are responsible for yourself for what you do with this code.

Improvement

In order for the exploit to work, the javascript injection inside the first frame location must occur after the second frame redirect. The first solution, proposed in the other PoC, deployed sleeps and timeouts. However, if the server syncronize the redirect and sleep requestes, one can exploit the vulnerability without sleeps.

Actually there is a little setTimeout, but 500 ms is big improvement from the previous 5000! Note: this code is a PoC, it was never tested outside my test environment.

Usage

npm install
node app.js

For basic logging launch

node app.js > cookies.txt

Configuration

In conf.json, set host to the value of your public host and targets to the sites to retrieve the cookies.

Note that targets must not set the HTTP header x-frame-options.

References

About

Universal xss PoC with multiple target sites (CVE-2015-0072)

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages