Created
December 31, 2024 10:27
-
-
Save Zapotek/ed5df3d75d52fb3792d41a3d30e7ad3d to your computer and use it in GitHub Desktop.
DOM XSS in Sinatra (Introspector loaded)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'sinatra' | |
| require 'scnr/introspector' | |
| class MyApp < Sinatra::Base | |
| use SCNR::Introspector, scope: { | |
| path_start_with: __FILE__ | |
| } | |
| def process_params( params ) | |
| params.values.join( ', ' ) | |
| end | |
| get '/' do | |
| <<-HTML | |
| <html> | |
| <head> | |
| <script src="/helpers.js"></script> | |
| <script> | |
| function handleResponse() { | |
| if( this.readyState != 4 || this.status != 200 ) { return } | |
| document.getElementById( "container" ).innerHTML = processHTML( this.responseText ); | |
| } | |
| function submit() { | |
| ajax = new XMLHttpRequest(); | |
| ajax.onreadystatechange = handleResponse; | |
| ajax.open( "GET", "/ajax?vulnerable=" + document.getElementById("input").value, true ); | |
| ajax.send(); | |
| } | |
| </script> | |
| </head> | |
| <body> | |
| <div id="container"> | |
| <input id="input" /> | |
| <button onclick="submit()">Submit</button> | |
| </div> | |
| </body> | |
| </html> | |
| HTML | |
| end | |
| get '/ajax' do | |
| <<-HTML | |
| <div id="ajax-container"> | |
| #{process_params( params )} | |
| </div> | |
| HTML | |
| end | |
| get '/helpers.js' do | |
| content_type 'application/javascript' | |
| <<-JS | |
| function processHTML( html ) { | |
| return html; | |
| } | |
| JS | |
| end | |
| run! | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment