2019-09-11 18:53:05 +02:00
|
|
|
<html>
|
|
|
|
|
<head>
|
|
|
|
|
<script src="/e2e.js"></script>
|
|
|
|
|
<link
|
|
|
|
|
href="https://fonts.googleapis.com/css?family=Montserrat&display=swap"
|
|
|
|
|
rel="stylesheet"
|
|
|
|
|
/>
|
|
|
|
|
<style>
|
|
|
|
|
.malware {
|
|
|
|
|
position: fixed;
|
|
|
|
|
bottom:0;
|
|
|
|
|
left:0;
|
|
|
|
|
right:0;
|
|
|
|
|
height: 150px;
|
|
|
|
|
background: red;
|
|
|
|
|
color: black;
|
|
|
|
|
display: flex;
|
|
|
|
|
display: flex;
|
|
|
|
|
justify-content: center;
|
|
|
|
|
align-items: center;
|
|
|
|
|
font-family: monospace;
|
|
|
|
|
font-size: 72px;
|
|
|
|
|
}
|
|
|
|
|
</style>
|
|
|
|
|
<script>
|
2021-12-04 15:28:40 -08:00
|
|
|
function xssAttack() {
|
|
|
|
|
const div = document.createElement('div');
|
|
|
|
|
div.id = 'the-malware';
|
|
|
|
|
div.className = 'malware';
|
|
|
|
|
div.innerHTML = 'XSS Succeeded';
|
2019-12-07 12:19:45 +01:00
|
|
|
document.getElementsByTagName('body')[0].appendChild(div);
|
|
|
|
|
// const el = document.querySelector('.mermaid');
|
|
|
|
|
// el.parentNode.removeChild(el);
|
|
|
|
|
throw new Error('XSS Succeded');
|
2019-09-11 18:53:05 +02:00
|
|
|
}
|
|
|
|
|
</script>
|
|
|
|
|
</head>
|
|
|
|
|
<body>
|
|
|
|
|
<script src="./mermaid.js"></script>
|
|
|
|
|
<script>
|
|
|
|
|
mermaid.initialize({
|
|
|
|
|
startOnLoad: false,
|
|
|
|
|
useMaxWidth: true,
|
|
|
|
|
});
|
|
|
|
|
</script>
|
|
|
|
|
</body>
|
|
|
|
|
</html>
|
