OP 12 August, 2020 - 12:48 AM
Hello, today I found an email service. I'm trying to generate emails; there is no fucking security.
I managed to get the ajax that do all the thing :
I tried to directly make post request to the url like this : https://i.imgur.com/fv2fIzc.png
But it looks its not working !
Also, if i try to make in a console
It is not working either! It requires me to inject the ajax script first, so I guess this ajax script loads something that creates a session, maybe? I don't really know.
What i need :
-Generate an email from the part of the code i managed to find
-That's it
Also, I think you can send mail using this ajax, so maybe someone could exploit this for personal uses ;) !
I hope i get helped soon :)
I managed to get the ajax that do all the thing :
Code:
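'use strict';
/**
 * Page controller for the disposable-mailbox UI: refresh countdown, inbox
 * polling, mailbox lifetime countdown, password regeneration, contact form
 * and message deletion. Every method talks to endpoints under `tma.url`
 * through jQuery (`$`), which the page must load first.
 *
 * NOTE(review), from the visible code only:
 *  - Response fields are written with `.html()` or concatenated into markup
 *    (`email`, `heslo`, `od`, `predmet`, `predmetZkraceny`, `kdy`, `akce`,
 *    `id`). Sender and subject presumably come from received mail, so these
 *    sinks are safe only if the server HTML-encodes them -- confirm. If the
 *    server returns raw text, render it with `.text()` or escape it before
 *    concatenation.
 *  - Nothing in this file limits or authorises the calls it makes; any such
 *    control (session binding, anti-CSRF token, rate limiting) has to be
 *    enforced by the server behind these endpoints.
 *  - Most requests use `async : false`. Synchronous XHR blocks the UI thread
 *    and is deprecated in browsers; it is kept here because callers rely on
 *    the call order.
 *
 * Declared with `var` so that `tma` stays a property of the global object.
 */
var tma = {
  url : "https://www.fakemail.net",
  cdn : "",

  /** Start the 100 ms tick that fills the refresh knob; the interval id is parked on #countval. */
  refreshLoop : function() {
    var timerId = window.setInterval(tma.refresh, 100);
    $("#countval").attr("data-refresh-timer", timerId);
  },

  /** Start the 5 ms tick that drains the knob back to zero before an inbox reload. */
  resetLoop : function() {
    var timerId = window.setInterval(tma.reset, 5);
    $("#countval").attr("data-reset-timer", timerId);
  },

  /**
   * One drain tick: stop the refresh loop, decrement the counter and, once it
   * reaches zero, reload the inbox and restart the refresh loop.
   */
  reset : function() {
    var $counter = $("#countval");
    tma.killTimer($counter.attr("data-refresh-timer"));
    $counter.removeAttr("data-refresh-timer");
    // .val() yields a string; the decrement coerces it to a number.
    var remaining = $counter.val();
    remaining--;
    $(".knob").val(remaining).trigger("change");
    $counter.val(remaining);
    if (remaining <= 0) {
      tma.killTimer($counter.attr("data-reset-timer"));
      $counter.removeAttr("data-reset-timer");
      tma.nactiPostu();
      $counter.val(0);
      tma.refreshLoop();
    }
  },

  /** One fill tick: mirror the counter into the knob, hand over to the drain loop at 100. */
  refresh : function() {
    var current = $("#countval").val();
    $(".knob").val(current).trigger("change");
    // Loose comparison on purpose: `current` is the string read from the input.
    if (100 == current) {
      tma.resetLoop();
    } else if (current < 0) {
      current = 0;
      $("#countval").val(0);
    }
    current++;
    $("#countval").val(current);
  },

  /**
   * Fetch the mailbox address and password from `/index/index` and show them.
   * @param {*} a Unused; kept so existing callers keep working.
   */
  vygenerujEmail : function(a) {
    $("#email").html("Loading...");
    $.ajax({
      url : tma.url + "/index/index",
      dataType : "json",
      type : "GET",
      async : false
    }).done(function(mailbox) {
      // NOTE(review): .html() sinks -- see the header note.
      $("#email").html(mailbox.email).addClass("animace");
      $("#hesloGen").html(mailbox.heslo);
      $("#hesloGenMobil").html(mailbox.heslo);
    });
  },

  /**
   * Load sender and subject of one message and point the viewer iframe at it.
   * @param {string|number} term_id Message id as used by the server.
   */
  nactiEmail : function(term_id) {
    $.ajax({
      url : tma.url + "/index/email",
      dataType : "json",
      data : {
        id : term_id
      },
      type : "POST",
      async : false
    }).done(function(message) {
      // NOTE(review): `od` and `predmet` are message-derived; .html() is safe
      // only if the server encodes them -- confirm.
      $("#odesilatel").empty().html(message.od);
      $("#predmet").empty().html(message.predmet);
      $("#iframeMail").attr("src", "https://www.tempmailaddress.com/email/id/" + term_id);
      $("#oknoLink").attr("rel", term_id);
    });
  },

  /**
   * Reload the inbox from `/index/refresh` and rebuild the #schranka table:
   * one desktop row and one mobile row per message, rows after the fifth
   * collapsed behind a "show more" toggle. Redirects to "/" when the request
   * fails.
   */
  nactiPostu : function() {
    $.ajax({
      url : tma.url + "/index/refresh",
      dataType : "json",
      async : false
    }).done(function(item) {
      $("#schranka").empty();
      // Loose comparison kept from the original: it skips 0, "0", "" and [].
      if (0 != item) {
        var desktopRows = [];
        var mobileRows = [];
        var expanded = 1 == $.cookie("more");
        for (var i = 0; i < item.length; i++) {
          var rowClass = "precteno" == item[i].precteno ? "klikaciRadek" : "klikaciRadek newMail";
          if (4 < i) {
            rowClass = rowClass + " collapse schovano";
          }
          if (expanded) {
            rowClass = rowClass + " in";
          }
          // NOTE(review): every item[i] field below lands in markup unescaped.
          // `akce` looks like server-rendered action markup (assumption); the
          // others are message data and need server-side encoding -- confirm.
          desktopRows[i] = '<tr class="hidden-xs hidden-sm ' + rowClass + '" data-href="' + item[i].id + '"><td class="from"><span class="glyphicon glyphicon-envelope"> </span>' + item[i].od + "</td><td>" + item[i].predmet + '</td><td><span class="pull-left spanKdy">' + item[i].kdy + '</span><span class="pull-right spanAkce">' + item[i].akce + "</span></td></tr>";
          mobileRows[i] = '<tr class="hidden-md hidden-lg ' + rowClass + '" data-href="' + item[i].id + '"><td colspan="2" class="col-xs-9 mobileFrom"><span class="glyphicon glyphicon-envelope"> </span><span class="odMobil">' + item[i].od + '</span><br><span class="predmet pull-left">' + item[i].predmetZkraceny + '</span></td><td class="col-xs-3"><span class="spanAkce">' + item[i].akce + '</span><br><span class="spanKdy pull-right">' + item[i].kdy + "</span></td></tr>";
        }
        if (4 < item.length) {
          var toggleLabel = expanded ? "show less" : "show more";
          desktopRows[item.length] = '<tr class="hidden-xs hidden-sm"><td colspan="3" class="text-center"><a href=".schovano" title="Show more" class="showMore text-muted" data-toggle="collapse">' + toggleLabel + "</a></td></tr>";
          mobileRows[item.length] = '<tr class="hidden-sm hidden-lg"><td colspan="3" class="text-center"><a href=".schovano" title="Show more" class="showMore text-muted" data-toggle="collapse">' + toggleLabel + "</a></td></tr>";
        }
        $("#schranka").html(desktopRows.join("") + mobileRows.join(""));
      }
    }).fail(function() {
      window.location.replace("/");
    });
  },

  /** Ask `/regen` for a new password and display it in both password slots. */
  regeneratePassword : function() {
    $.ajax({
      url : tma.url + "/regen",
      dataType : "json",
      async : false
    }).done(function(password) {
      $("#hesloGen").html(password);
      $("#hesloGenMobil").html(password);
    }).fail(function() {
      alert("There was an error, please try again later");
    });
  },

  /**
   * Validate and submit the contact form to `/index/mail`.
   * These checks are a convenience only; the server has to validate again.
   * @returns {boolean|undefined} `false` when validation fails, otherwise
   *     `undefined` once the request has been made.
   */
  kontakt : function() {
    var formData = $("#form").serialize();
    var senderName = $("#jmenoInput").val();
    var senderEmail = $("#emailInput").val();
    var messageText = $("#zpravaInput").val();
    // NOTE(review): the message says "2 signs" but the check accepts one
    // character; left as found because the intended minimum is not visible.
    if (senderName.length < 1) {
      alert("Name must have at least 2 signs");
      return false;
    }
    if (!senderEmail.match(/^([a-z0-9._-]+@[a-z0-9._-]+\.[a-z]{2,4}$)/i)) {
      alert("Email is not valid");
      return false;
    }
    if (messageText.length < 1) {
      alert("Message must have at least 1 sign");
      return false;
    }
    // Synchronous request: responseText is available right after the call.
    var reply = $.ajax({
      type : "POST",
      url : tma.url + "/index/mail",
      data : formData,
      async : false
    }).responseText;
    if ("ok" == reply) {
      alert("Email has been sent");
      $("#jmenoInput").val("");
      $("#emailInput").val("");
      $("#zpravaInput").val("");
    } else {
      alert("Error occurred while sending an email, please try again later");
    }
  },

  /**
   * Cancel an interval.
   * @param {number|string} name Interval id (may be the string read back from a data attribute).
   */
  killTimer : function(name) {
    window.clearInterval(name);
  },

  /** Manual refresh: start draining the knob, which ends in an inbox reload. */
  refreshClick : function() {
    tma.resetLoop();
  },

  /**
   * Mailbox lifetime countdown. Reads `ted` (server "now") and `konec`
   * (expiry) from `/index/zivot`, both split on "-", " " and ":", advances a
   * local clock once per second and redirects to "/delete" at expiry.
   */
  odpocet : function() {
    var timerId;
    $.ajax({
      url : tma.url + "/index/zivot",
      dataType : "json",
      async : true
    }).done(function(options) {
      var nowParts = options.ted.split(/[- :]/);
      var clock = new Date(nowParts[0], nowParts[1] - 1, nowParts[2], nowParts[3], nowParts[4], nowParts[5]);
      timerId = setInterval(function() {
        $("#odpocet").attr("data-timer", timerId);
        var endParts = options.konec.split(/[- :]/);
        var end = new Date(endParts[0], endParts[1] - 1, endParts[2], endParts[3], endParts[4], endParts[5]);
        clock.setSeconds(clock.getSeconds() + 1);
        var delta = end - clock;
        if (delta <= 0) {
          tma.killTimer($("#odpocet").attr("data-timer"));
          window.location.replace("/delete");
          // Stop here: the original fell through and rendered
          // "undefined:undefined" into the countdown before the redirect.
          return;
        }
        var days = Math.floor(delta / 864E5);
        var hours = Math.floor(delta % 864E5 / 36E5);
        var minutes = Math.floor(delta % 36E5 / 6E4);
        var seconds = Math.floor(delta % 6E4 / 1E3);
        var label = "";
        if (0 < days) {
          label = label + days + ":";
        }
        if (0 < hours) {
          label = label + hours + ":";
        }
        label = label + minutes + ":" + seconds;
        $("#odpocet").html(label);
        $("#odpocetMobil").html(label);
      }, 1E3);
    });
  },

  /** Size the about panel to the shadow element's height minus 10px. */
  resizeAbout : function() {
    // Plain arithmetic; the original wrapped this number in eval() for no effect.
    $(".teloAbout").css("height", ($(".stin").height() - 10) + "px");
  },

  /** Slide the right-hand panel into view over one second. */
  vyjedPanelem : function() {
    $("#panelRight").animate({
      right : "0px"
    }, 1E3, "linear");
  },

  /**
   * Delete one message and refresh the inbox when the server answers "ok".
   * @param {string|number} leveeId Message id; it is concatenated into the
   *     request path, so the server has to validate it and check ownership.
   */
  smazatEmail : function(leveeId) {
    var reply = $.ajax({
      url : tma.url + "/delete-email/" + leveeId,
      dataType : "json",
      data : {
        id : leveeId
      },
      type : "POST",
      async : false
    }).responseText;
    if ("ok" == reply) {
      tma.refreshClick();
    }
  },

  /**
   * Replace an element with a clone of itself, appended to the same parent.
   * @param {jQuery} a Element to re-create.
   */
  naklonujElement : function(a) {
    var copy = a.clone();
    var parent = a.parent();
    a.remove();
    parent.append(copy);
  }
};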
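// Empty resize handler, kept from the original listing.
$(window).resize(function() {
});

/**
 * Show the given avatar in the desktop and mobile image slots and point both
 * download links at it.
 * @param {string} src File name under `tma.cdn + "/avatars/"`.
 */
tma.setAvatar = function(src) {
  var avatarUrl = tma.cdn + "/avatars/" + src;
  var $desktop = $("#avatarImg");
  var $mobile = $("#avatarImgMobil");
  $desktop.fadeOut("fast", function() {
    $desktop.attr("src", avatarUrl);
    $desktop.fadeIn("fast");
  });
  $(".downloadAvatar").attr("href", avatarUrl);
  $mobile.fadeOut("fast", function() {
    $mobile.attr("src", avatarUrl);
    $mobile.fadeIn("fast");
  });
  $(".downloadAvatarMobil").attr("href", avatarUrl);
};

/** Advance to the next avatar, wrapping to the first after the last one. */
tma.nextAvatar = function() {
  // The list arrives asynchronously; ignore clicks until it is there.
  if (!tma.avatars || tma.avatars.length === 0) {
    return;
  }
  var next = tma.avatarIndex + 1;
  // `>=`: the original used `>` and so stepped one slot past the end.
  if (next >= tma.avatars.length) {
    next = 0;
  }
  tma.setAvatar(tma.avatars[next]);
  tma.avatarIndex = next;
};

/** Step back to the previous avatar, wrapping to the last before the first. */
tma.prevAvatar = function() {
  if (!tma.avatars || tma.avatars.length === 0) {
    return;
  }
  // `- 1`: the original added 1, so "previous" moved forward and the wrap
  // branch below could never run.
  var prev = tma.avatarIndex - 1;
  if (prev < 0) {
    prev = tma.avatars.length - 1;
  }
  tma.setAvatar(tma.avatars[prev]);
  tma.avatarIndex = prev;
};

/**
 * Page start-up: load the mailbox and avatar list, wire every click/keyup
 * handler, then start the inbox refresh loop and the lifetime countdown.
 *
 * NOTE(review): the checks in these handlers (allowed characters, length,
 * availability) run in the browser only. The server behind
 * `/index/new-email/` and `/index/email-check/` has to repeat them and apply
 * its own session and rate controls.
 */
$(document).ready(function() {
  /** Flip the availability indicator to "invalid" and disarm the submit button. */
  function markEmailInvalid($feedback) {
    if ($feedback.hasClass("text-success")) {
      $feedback.addClass("text-danger").removeClass("text-success").addClass("glyphicon-remove").removeClass("glyphicon-ok");
      $("#emailFormBtn").removeClass("in");
      $("#emailFormBtn").attr("data-email", "");
    }
  }

  tma.vygenerujEmail();
  $.ajax({
    method : "POST",
    dataType : "json",
    url : tma.url + "/index/avatars/",
    async : true
  }).done(function(avatars) {
    tma.avatars = avatars;
    tma.avatarIndex = 0;
    tma.setAvatar(tma.avatars[0]);
  });
  $("#emailForm").on("shown.bs.modal", function() {
    $(this).removeData("bs.modal");
  });
  $(document).on("click", "#emailFormBtn", function(event) {
    event.preventDefault();
    event.stopPropagation();
    var $button = $(this);
    // Read the attribute, not .data(): jQuery caches data-* values on first
    // read, so .data("email") would miss later .attr("data-email", ...) writes.
    var emailInput = $button.attr("data-email");
    $.ajax({
      method : "POST",
      dataType : "json",
      url : "/index/new-email/",
      data : {
        emailInput : emailInput,
        format : "json"
      }
    }).done(function() {
      // Inside the callback `this` is the ajax settings object, not the
      // button, so the original removeAttr call was a no-op.
      $button.removeAttr("data-email");
      tma.naklonujElement($(".formGroupEmail"));
      window.location.reload();
    }).fail(function() {
      alert("There was a problem while communicating with the server");
    });
  });
  $(document).on("keyup", "#emailInput", function() {
    var $feedback = $(".inputFeedback");
    // `g` added: without it only the first run of disallowed characters was
    // stripped, e.g. from pasted text.
    var email = $(this).val().replace(/([^a-z0-9\.\-]+)/gi, "").toLowerCase();
    $(this).val(email);
    if (3 <= email.length && email.length <= 18) {
      $.ajax({
        method : "POST",
        dataType : "json",
        url : "/index/email-check/",
        data : {
          email : email,
          format : "json"
        }
      }).done(function(answer) {
        if ("ok" == answer) {
          $feedback.removeClass("text-danger").addClass("text-success").removeClass("glyphicon-remove").addClass("glyphicon-ok");
          $("#emailFormBtn").addClass("in");
          $("#emailFormBtn").attr("data-email", email);
        } else {
          markEmailInvalid($feedback);
        }
      }).fail(function() {
        markEmailInvalid($feedback);
      });
    } else {
      markEmailInvalid($feedback);
    }
  });
  $(".gotit").click(function(event) {
    event.preventDefault();
    $.cookie("terms", 1, {
      expires : 30,
      path : "/",
      domain : "www.fakemail.net",
      secure : true
    });
    // Remove once the fade has finished; removing right away cut it short.
    $(".termsa").fadeOut("slow", function() {
      $(this).remove();
    });
  });
  $(".refresh").click(function(event) {
    event.preventDefault();
    tma.refreshClick();
  });
  $(".regenerate").click(function(event) {
    event.preventDefault();
    tma.regeneratePassword();
  });
  $("#form").submit(function(event) {
    event.preventDefault();
    tma.kontakt();
  });
  $("#oknoLink").click(function(event) {
    event.preventDefault();
    window.open("/window/id/" + $(this).attr("rel"));
  });
  $(document).on("click", ".deleteEmail", function(event) {
    event.preventDefault();
    event.stopPropagation();
    tma.smazatEmail($(this).data("id"));
  });
  $(document).on("click", ".klikaciRadek", function() {
    var messageId = $(this).data("href");
    window.location.replace("/window/id/" + messageId);
  });
  $(document).on("click", ".zpetMain", function() {
    tma.resizeAbout();
    $(".primary").slideToggle("slow");
  });
  $(".cetc").click(function(event) {
    event.preventDefault();
    // NOTE(review): a new Clipboard instance is created on every click;
    // presumably one instance at start-up is intended -- confirm.
    new Clipboard(".cetc");
  });
  $(".knob").knob({
    min : 0,
    max : 100,
    width : 35,
    height : 35,
    fgColor : "#ff99cc",
    readOnly : true,
    step : 1,
    thickness : .1,
    // Knob value 0..100 shown as a countdown 10..0; eval() wrapper dropped.
    format : function(value) {
      return 10 - Math.floor(value / 10);
    },
    draw : function() {
      $(this.i).css("font-size", "15px").css("color", "#000000");
    }
  });
  tma.nactiPostu();
  tma.refreshLoop();
  tma.odpocet();
  $(document).on("click", ".showMore", function() {
    if (null == $.cookie("more")) {
      $(this).text("show less");
      $.cookie("more", 1, {
        expires : 2,
        path : "/",
        domain : "www.fakemail.net",
        secure : true
      });
    } else {
      $(this).text("show more");
      $.removeCookie("more", {
        path : "/",
        domain : "www.fakemail.net",
        secure : true
      });
    }
  });
  $(document).on("click", ".nextAvatar", function(event) {
    event.preventDefault();
    tma.nextAvatar();
  });
  $(document).on("click", ".prevAvatar", function(event) {
    event.preventDefault();
    tma.prevAvatar();
  });
});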
I tried to directly make post request to the url like this : https://i.imgur.com/fv2fIzc.png
But it looks its not working !
Also, if I try to make the request in a console:
Code:
// Console copy of the request the page's "#emailFormBtn" handler sends:
// same endpoint and field names, with a hard-coded sample local part.
// NOTE(review): for the operator, any limit on address creation has to be
// enforced behind this endpoint; the page script itself applies none.
$.ajax({
  url : "/index/new-email/",
  method : "POST",
  dataType : "json",
  data : {
    emailInput : "mohamad",
    format : "json"
  }
}).done(() => {
  // Success path mirrors the page: reload to show the new state.
  window.location.reload();
}).fail(() => {
  console.log("There was a problem while communicating with the server");
});
What i need :
-Generate an email from the part of the code i managed to find
-That's it
Also, I think you can send mail using this ajax, so maybe someone could exploit this for personal uses ;) !
I hope i get helped soon :)