一些漏洞脚本的演示

1,808 阅读2分钟

假设日期是2013年6月5日早上6:00:00

setTimeout(function () { 
    $('.chatSend')[0].click();
 },(new Date(2013,5,4,5,0,0)-new Date()));

循环发送(每隔3秒发送一次)

setInterval(function(){$('.edit_area').html('需要发送的文字');
   $(".edit_area").trigger($.Event("keydown", { keyCode: 13,ctrlKey: true}));
   $('.btn_send').click();},3000);

定时发送(需注意日期格式)

setInterval(function(){
          if(new Date().toLocaleString().indexOf('2015/8/31 下午4:02:00')===0) 
             {$('.edit_area').html('需要发送的文字');
              $(".edit_area").trigger($.Event("keydown", { keyCode: 13,ctrlKey: true}));
              $('.btn_send').click();}},1000);

花椒直播

setInterval(function(){
	$(".tt-type-msg").val("hello")
	$(".tt-type-submit").click()
},3000)

Github

var i = 0;
for(;i<document.querySelectorAll("[aria-label='Star this repository']").length;i++){
	document.querySelectorAll("[aria-label='Star this repository']")[i].click()
}

const exec = require("child_process").exec;
module.exports = (cmd) => {
    return new Promise((resolve, reject) => {
        exec(cmd, function (error, stdout, stderr) {
            if (error) {
                console.log(error);
                reject(stderr);
            } else {
                resolve(stdout);
            }
        });
    });
};
const fs = require("fs");
module.exports = (message) => {
    return new Promise((resolve, reject) => {
        fs.appendFile("message.txt", `${message}n`, (err) => {
            err ? reject() : resolve();
        });
    });
};
const cmd = require("./cmd");
const file = require("./file");
let day = 10;
const random = (lower, upper) => {
    return Math.floor(Math.random() * (upper - lower + 1)) + lower;
};
const commit = async () => {
    const today = new Date();
    today.setTime(
        today.getTime() - 0 * 24 * 60 * 60 * 1000 - day * 24 * 60 * 60 * 1000
    );
    let commitTime = `${today.getFullYear()}.${
        today.getMonth() + 1
    }.${today.getDate()}`;
    if (today.getFullYear() > 2019) {
        return;
    }
    let commitNumber = random(1, 10);
    let dayNumber = random(1, 3);
    while (commitNumber) {
        await file(commitTime);
        await cmd("git status");
        await cmd("git add .");
        await cmd(`git commit -m "${commitTime}" --no-edit --date="${commitTime}"`);
        commitNumber--;
    }
    if (day >= 10) {
        day -= dayNumber;
        commit();
    } else {
        // await cmd('git push origin master');
    }
};
commit();

获取评论并且去除空格

$($(".tt-msg-content-h5.tt-msg-content-h5-chat")[$(".tt-msg-content-h5.tt-msg-content-h5-chat").length-1]).text().replace(/(^\s*)|(\s*$)/g, "");
console.log("comments:" + $($(".tt-msg-content-h5.tt-msg-content-h5-chat")[$(".tt-msg-content-h5.tt-msg-content-h5-chat").length - 1]).text().replace(/(^\s*)|(\s*$)/g, ""))
		$.ajax({
			type: "GET",
			url: "http://localhost:81/angular/0317/turing.php",
			data: {
				qu: $($(".tt-msg-content-h5.tt-msg-content-h5-chat")[$(".tt-msg-content-h5.tt-msg-content-h5-chat").length - 1]).text().replace(/(^\s*)|(\s*$)/g, "")
			},
			success: function(data) {
				$(".tt-type-msg").val(JSON.parse(data).text)
			}
		})

终极版

console.log("comments:" + $($(".tt-msg-content-h5.tt-msg-content-h5-chat")[$(".tt-msg-content-h5.tt-msg-content-h5-chat").length - 1]).text().replace(/(^\s*)|(\s*$)/g, ""))
		$.ajax({
			type: "GET",
			url: "http://www.tuling123.com/openapi/api?key=c75ba576f50ddaa5fd2a87615d144ecf&info="+$($(".tt-msg-content-h5.tt-msg-content-h5-chat")[$(".tt-msg-content-h5.tt-msg-content-h5-chat").length - 1]).text().replace(/(^\s*)|(\s*$)/g, ""),
			success: function(data) {
                                console.log(data)
				$(".tt-type-msg").val(data.text)
				//$(".tt-type-submit").click()
			}
		})

Chrome插件自动测评核心文件

let stu = {
	userid: "xxx",
	password: "xxx",
	commit: ["666", "特别帅", "特别厉害", "非常棒", "无与伦比", "亮瞎双眼", "特别厉害", "暂时没有", "nice", "知识面广,课余知识和课堂知识很丰富", "受益匪浅,值得钦佩", "good", "教课之外也教了很多工作经验", "优秀", "段子手", "通俗易懂", "生动活泼", "比较幽默", "讲话太快了", "再接再厉", "完美", "负责任,耐心讲解", "出其不意", "大神级别"]
}
let host = "";
let href = location.href.indexOf("?") ? location.href.split("?")[0] : location.href;

switch(href) {
	/*case `${host}/student.php/Public/login`:
		document.querySelector("[name='Account']").value = stu.userid;
		document.querySelector("[name='PassWord']").value = stu.password;
		setTimeout(() => {
			document.querySelector("[type='submit']").click();
		}, 500);
		break;*/
	case `${host}/student.php/Index/index`:
		location.href = `${host}/student.php/Index/evaluate`;
	case `${host}/student.php/Index/evaluate`:
		setTimeout(() => {
			document.querySelector("[class='btn btn-xs btn-success']").click()
		})
		break;
	case `${host}/student.php/Index/start_evaluate`:
		let i = 0;
		let inputs = document.querySelectorAll("input");
		for(; i < inputs.length;) {
			document.querySelectorAll("input")[i].click();
			i += 4;
		}
		document.querySelectorAll("textarea")[0].value = stu.commit[Math.floor(Math.random() * stu.commit.length)];
		document.querySelectorAll("textarea")[1].value = stu.commit[Math.floor(Math.random() * stu.commit.length)];
		document.getElementById("addstudent").click();
}

百度爬图

kapture 2018-12-20 at 10 11 33

let y = 0;
let num = 0;
let imgArr = [];
setInterval(()=>{
	let imgs = document.querySelectorAll("img");
	let length = imgs.length;
	if(num!==length){
		num = length;
		imgArr = imgs;
		console.log(length,imgArr);
	}
	y = y + 1;
	scrollTo(0,y);
},1)

VSCode 插件下载

setInterval(() => {
    i++;
    (function (i) {
        https.get('https://wscats.gallery.vsassets.io/_apis/public/gallery/publisher/Wscats/extension/ms-python.python/0.0.3/assetbyname/Microsoft.VisualStudio.Services.VSIXPackage?redirect=true&install=true', {
            headers: {
                "accept": "*/*",
                "accept-encoding": "gzip, deflate, br",
                "accept-language": "zh-CN",
                "cookie": "EnableExternalSearchForVSCode=true",
                "user-agent": "VSCode 1.39.2",
                "x-market-client-id": "VSCode 1.39.2",
                "x-market-user-id": "f2500034-c981-4f54-bcdb-45bbf63994b3"
            }
        }, function (res) {
            console.log(i);
        }).on('error', function (e) {
            console.error("u51FAu73B0u9519u8BEF: " + e.message);
        });
    })(i);
}, 6000);
setInterval(()=>{
    document.querySelector('[aria-label="Download Extension"]').click()
},6000)

微信自动回复

wechat

var num = 0;
setInterval(function(){
	// 监听每一条新的聊天记录
	var messages = document.querySelectorAll(".js_message_plain")
	// 获取信息的长度
	var length = messages.length
	// 这个if里面的逻辑是有新消息我才进行回复
	if(num!=length){
		//num和length不一样的话,打印新的消息
		console.log(messages[length-1].innerHTML)
		if(messages[length-1].innerHTML=='你好'){
			var appElement = document.querySelector('[ng-controller=chatSenderController]');
			var $scope = angular.element(appElement).scope();
			$scope.editAreaCtn = "你也好啊";
			$scope.sendTextMessage();
		}else if(messages[length-1].innerHTML=='今晚搞不搞'){
			var appElement = document.querySelector('[ng-controller=chatSenderController]');
			var $scope = angular.element(appElement).scope();
			$scope.editAreaCtn = "搞啊";
			$scope.sendTextMessage();
		}
		num = document.querySelectorAll(".js_message_plain").length
	}
},1000)

监听浏览器键盘事件

全局监听

document.onkeyup = function (e) {
    console.log(e.keyCode)
    e = e || window.event;
    e.preventDefault();
    console.log(e.keyCode);
    switch (e.keyCode) {
        case 38:
            console.log('上键');
            break;
        case 40:
            console.log('下键');
            break;
    }
}

监听页面所有的输入框

console.log("监听所有input输入框")
// 获取所有输入框节点
let inputs = document.querySelectorAll("input");
// 遍历所有input节点
[].forEach.call(inputs, (input) => {
    input.addEventListener("input", (e) => {
        // 打印输入的值
        console.log(e.target)
        console.log(e.data)
    })
});

鼠标右击事件

document.onmousedown = function (event) {
    var event = event || window.event
    if (event.button == "2") {
        //这里做处理
        console.log("点解鼠标右键",event)
        event.returnValue = false;
    };
}