利用bcm中的漏洞进行一些操作
اعتبارا من
// ==UserScript== // @name hackmao // @namespace https://greasyfork.org/zh-CN/users/1022906-dream%E4%B8%8D%E6%83%B3%E5%8F%98%E5%B1%91awa // @version 0.1 // @description 利用bcm中的漏洞进行一些操作 // @author Dream不想变屑awa, Orangesoft // @match https://shequ.codemao.cn/* // @match https://player.codemao.cn/* // @require https://cdn.jsdelivr.net/npm/[email protected] // @require https://cdn.jsdelivr.net/npm/[email protected]/examples/js/libs/stats.min.js // @require https://unpkg.com/[email protected]/dist/js/mdui.min.js // @license MIT // @grant GM_xmlhttpRequest // @compatible edge // @compatible chrome // @icon https://cdn-community.codemao.cn/community_frontend/asset/cute_4caf9.png // ==/UserScript== /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! 注:使用此脚本造成的损失作者不承担任何责任 !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ var stats = new Stats(); document.body.append(stats.domElement); var getworkid = () => location.href.substring(location.href.lastIndexOf('/') + 1,location.href.length) function geth (sth){ return document.getElementsByClassName(sth) } function log (messge){ console.log( '%c %s %c %s', 'border: 1px solid white;border-radius: 3px 0 0 3px;padding: 2px 5px;color: white;background-color: green;', '[Hackmao Log1.0]', 'border: 1px solid white;border-radius: 0 3px 3px 0;padding: 2px 5px;color: black;background-color: white;border-left: none;', messge ); } (function() { if(window.location.pathname.indexOf("/work/")+1||window.location.pathname.indexOf("/new/")+1) { log('a work page') let player_url = 'https://player.codemao.cn/new/' if (geth('r-work-c-work_info--work_tool r-work-c-work_info--kitten3')[0] != null)player_url = 'https://player.codemao.cn/w/' else if(geth('r-work-c-work_info--work_tool r-work-c-work_info--kitten4')[0] != null)player_url = 'https://player.codemao.cn/new/' else if(geth('r-work-c-work_info--nemo')[0] != null)player_url = 'https://nemo.codemao.cn/w/' var under = { '未开发': () => { log('点击-未开发'); alert('开发中,敬请期待'); }, '调试中': () => { log('点击-调试中'); alert('功能正在调试,暂时无法使用,敬请谅解'); }, }; var main= { 'wj': () =>{ const input = document.createElement("input"); input.type = "file"; input.style.display = "none"; input.addEventListener("change", () => { let reader = new FileReader(); reader.addEventListener("load", () => { GM_xmlhttpRequest({ method: "post", url: "https://static.box3.codemao.cn/block", data: reader.result, binary: true, onload({ response }) { const { Key, Size } = JSON.parse(response); log("上传成功! Hash: "+Key); const hash = Key; input.remove(); alert('上传完成!请打开控制台查看注入链接') log('inject_url: '+player_url+getworkid()+'?bcmc_url=https://static.box3.codemao.cn/block/'+hash+'.json') }, }); }); reader.readAsBinaryString(input.files[0]); }); input.click(); }, 'id': () =>{ var wi = prompt('请输入修改bcmc后的作品id',''); GM_xmlhttpRequest({ method:"get", url:"https://api.codemao.cn/api/v2/work/display/"+wi, onload({response}){ let res = JSON.parse(response); console.log(res['data']['work_url'][0]); prompt('url:',`${player_url}${getworkid()}?bcmc_url=${res['data']['work_url'][0]}`) } }) }, 'playurl': () =>{ window.open(player_url+getworkid()); }, 'hook': () =>{ function hook(sth){ return(sth*1) } var funcname = prompt('请输入函数名(无需在后面加括号)',''); var func = prompt('请输入固定后的值的数据类型(str1,int0)',''); log(func) if(func=='1'){ function hook(sth){ return('"'+sth+'"') } } else{ function hook(sth){ return(sth*1) } } log(funcname+'=()=>'+hook(funcinfo)) alert('请在开发者工具输入:'+funcname+'=()=>'+hook(funcinfo)) }, 'autolike': () =>{ }, } window.gui = new lil.GUI({ title: '🧰Hackmao工具箱' }); window.gui.domElement.style.top = 'unset'; window.gui.domElement.style.bottom = '0'; window.gui.domElement.style.userSelect = 'none'; var page1 = gui.addFolder('url有关'); var page1_1 = page1.addFolder('bcmc注入'); page1_1.add(main, 'wj').name('上传bcmc文件并注入'); page1_1.add(main, 'id').name('通过作品id获取bcmc文件并注入'); page1.add(main,'playurl').name('打开player端(可绕过防沉迷)') var page2 = gui.addFolder('其他'); page2.add(main, 'hook').name('污染函数(仅在player端有效)'); } })();
