How can we bypass this function to obtain full XSS?
var xmlHttp = new XMLHttpRequest();
xmlHttp.onreadystatechange = function() {
if (xmlHttp.readyState == 4 && xmlHttp.status == 200) {
response = JSON.parse(xmlHttp.responseText);
AnyFunction(response);
}
else if (xmlHttp.readyState == 4 && xmlHttp.status != 200) {
console.log(xmlHttp.responseText);
}
}
xmlHttp.open('POST', url, true);
xmlHttp.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
xmlHttp.setRequestHeader('Accept', 'application/json');
data = {'searchTerm':item}
xmlHttp.send(JSON.stringify(data));
There is only one search bar for user input.
Aucun commentaire:
Enregistrer un commentaire