
//GLOBAL VARIABLES/CONFIG

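var THIS_SCRIPT_NAME = "x.js"; //needed for figuring out the location of this script, so we can take the ctx logo from the same url
var XSSFURL; //set by findThisScriptsLocation(): the directory this script was loaded from (stays undefined if no matching <script> is found)
var TIMEOUT = 1000;	//how long (ms) before the popup pops up
var WIDTH = 350; 	//width of the popup (px)
var HEIGHT = 300; 	//height of the popup (px)
var TITLE = "This page is vulnerable to Cross-Site Scripting (XSS)";
var MESSAGE = "This harmless popup was created using remote JavaScript. However, an attacker could easily have used this vulnerability to inject browser-based exploits, hijack user sessions or deface the application.";
var MESSAGE2 = "The domain of the affected application is: \n" + document.domain; //document.domain of the page this script runs in, read once at load time
var oXSSf_div; //the popup element, assigned by createXSSF() and read by dumpSource()

//createXSSF and Browser are function declarations further down the file; they are hoisted, so referencing them here is fine
window.setTimeout(createXSSF, TIMEOUT); //pop the box up after TIMEOUT ms

var browser = new Browser();	//determine the browser type for code compatibility (isIE / isNS flags used by the event code below)

// Global object holding the state of the drag in progress: filled in by dragStart, read by dragGo.
var dragObj = {};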

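//Build the inner HTML of the popup. Everything interpolated here (logo URL, TITLE, MESSAGE, MESSAGE2)
//is a script-owned global from the config block, not page content.
//Returns the markup as a string; createXSSF() assigns it to the popup div's innerHTML.
function getXSSFBody() {
	//XSSFURL is the directory this script was loaded from (set by findThisScriptsLocation()). It is
	//joined with a single "/" so the logo path is "<dir>/xss_clogo.png"; when it was never found, fall
	//back to a document-relative path instead of emitting "undefined//xss_clogo.png".
	var logoBase = XSSFURL ? XSSFURL + "/" : "";

	//shared style of the two message paragraphs
	var textStyle = "width:90%;font-family:Helvetica,Arial,sans-serif;font-size:10pt;color:#FFFFFF;" +
		"margin-left:20px;margin-right:20px;margin-top:20px";

	var parts = [
		"<img style='margin-top:10px; margin-left:10px;' src='" + logoBase + "xss_clogo.png'>",
		//the "x" close box; its mousedown calls xss_closeframe() (an inline handler, so it needs
		//'unsafe-inline' if the page enforces a script CSP)
		"<div style='font-family:Helvetica,Arial,sans-serif;float:right;margin-right:10px;margin-top:5px;" +
			"text-decoration:underline;font-size:9pt;color:#FFFFFF;cursor:pointer;z-index:999' onmousedown='xss_closeframe()'>x</div>",
		"<div style='width:100%;padding-left:10px;padding-right:10px;'>",
		"<div style='font-weight:bold;text-decoration:underline;font-family:Helvetica,Arial,sans-serif;font-size:13pt;" +
			"color:#FFFFFF;margin-left:20px;margin-right:20px;text-align:center'>" + TITLE + "</div>",
		"<div style='" + textStyle + "'>" + MESSAGE + "</div>",
		"<div style='" + textStyle + "'>" + MESSAGE2 + "</div>",
		"</div>"
	];

	return parts.join("\n");
}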

//Debug helper (not called from this file): writes the popup's outer markup into the document.
//document.write() after the page has finished loading replaces the whole document, so this is
//only useful while developing the popup.
function dumpSource() {
	var markup = oXSSf_div.outerHTML;
	document.write(markup);
}

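//Locate the <script> element that loaded this file and record its directory in the XSSFURL global,
//so the ctx logo can be fetched from the same place. A script matches when its src contains
//"/" + THIS_SCRIPT_NAME; inline scripts have an empty src and never match. If several scripts match,
//the last one in document order wins. XSSFURL is left untouched when nothing matches.
function findThisScriptsLocation() {
	var suffix = "/" + THIS_SCRIPT_NAME;
	var scripts = document.getElementsByTagName('script');
	var i; //declared locally: the original loop counter leaked into the global scope

	for (i = 0; i < scripts.length; i++) {
		var src = scripts[i].src;
		if (src && src.indexOf(suffix) !== -1) {
			//strip the first occurrence of "/<script name>" to get the directory part
			XSSFURL = src.replace(suffix, "");
		}
	}
}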

//Entry point fired by the setTimeout in the config block: hooks the Escape key, resolves the
//script's own URL, builds the popup div, dims the page, then fills the popup and attaches it.
function createXSSF() {
	addEscapeListener();        //Escape closes the popup
	findThisScriptsLocation();  //must run before getXSSFBody(), which reads XSSFURL

	var frame = create_main_xssDiv();
	oXSSf_div = frame;          //kept in a global so dumpSource() can reach it

	layShadow();                //dark overlay under the popup

	frame.innerHTML = getXSSFBody();
	document.body.appendChild(frame);
}

//Register checkForEscape for key presses on the document, using the IE API (attachEvent) or the
//standards API (addEventListener, capture phase) according to the global Browser sniff.
function addEscapeListener() {
  var onIE = browser.isIE;
  var onNS = browser.isNS;
  if (onIE) {
    document.attachEvent("onkeydown", checkForEscape);
  }
  if (onNS) {
    document.addEventListener("keydown", checkForEscape, true);
  }
}

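//keydown handler: close the popup when Escape is pressed, ignore every other key.
//Accepts the legacy numeric keyCode (27) and the modern key name ("Escape"); old IE handlers
//registered with attachEvent may receive no argument, so window.event is used as a fallback.
function checkForEscape(e) {
	var ev = e || window.event;
	if (!ev) {
		return;
	}
	if (ev.keyCode === 27 || ev.key === "Escape") {
		xss_closeframe();
	}
}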

//Dim the page behind the popup with a full-size black overlay at 10% opacity. The opacity is
//counted in tenths so the CSS value (tenths/10) and the IE alpha filter (tenths*10) stay in step.
function layShadow() {
	var tenths = 1;

	var overlay = document.createElement('div');
	overlay.id = "xssf_shadow";

	var css = {
		position: "absolute",
		zIndex: "997",          //just below the popup's 998
		width: "100%",
		height: "100%",
		backgroundColor: "#000",
		opacity: tenths / 10,
		filter: 'alpha(opacity=' + tenths * 10 + ')'
	};
	for (var prop in css) {
		overlay.style[prop] = css[prop];
	}

	//attach first, then pin it to the page origin
	document.body.appendChild(overlay);
	overlay.style.top = 0;
	overlay.style.left = 0;
}

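//Build (but do not attach) the red popup div: WIDTH x HEIGHT px, absolutely positioned at
//100px/100px, above the shadow overlay (z-index 998), draggable through dragStart.
//Returns the new element; createXSSF() fills its innerHTML and appends it to the body.
function create_main_xssDiv() {
	var div = document.createElement('div');
	div.setAttribute('id', 'xssf_div');
	div.style.position = "absolute";
	div.style.zIndex = "998";
	div.style.width = WIDTH + "px";
	div.style.height = HEIGHT + "px";
	div.style.backgroundColor = "#ed1b2f";
	div.style.cursor = "move";
	div.style.border = "2px solid #FFFFFF";
	div.style.padding = "0px";
	div.style.top = "100px";
	div.style.left = "100px";
	div.style.textAlign = "left";

	//Start a drag on mousedown. A function-valued handler property works in every browser this
	//file targets, so neither new Function (an eval equivalent) nor an inline-string attribute
	//(blocked by a script CSP without 'unsafe-inline') is needed. Old IE passes no event argument
	//to property handlers, hence the window.event fallback.
	div.onmousedown = function (e) {
		dragStart(e || window.event, 'xssf_div');
	};

	return div;
}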

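//Remove the popup and its shadow overlay from the page. Both are removed in a loop because the
//script may have been injected more than once, leaving several copies with the same id.
function xss_closeframe() {
	xss_removeAllById('xssf_div');
	xss_removeAllById('xssf_shadow');
}

//Detach every element with the given id, re-querying after each removal until none is left.
//Each node is removed from its own parent, so this also works if it is no longer a direct
//child of document.body.
function xss_removeAllById(id) {
	var el = document.getElementById(id);
	while (el) {
		el.parentNode.removeChild(el);
		el = document.getElementById(id);
	}
}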

//The remaining code implements the drag and drop functionality and was written by Mike Hall and is used under the GNU General Public License.
//<![CDATA[
//*****************************************************************************
// Do not remove this notice.
//
// Copyright 2001 by Mike Hall.
// See http://www.brainjar.com for terms of use.
//*****************************************************************************
 
// Determine browser and version from navigator.userAgent (UA sniffing, Mike Hall's original).
// Sets isIE / isNS / version: "MSIE" → isIE with the number parsed right after the token;
// "Netscape6/" → isNS with its number; any other UA containing "Gecko" (which includes the
// "like Gecko" strings of many non-Gecko browsers) → isNS, version 6.1. Anything else leaves
// both flags false and version null.

function Browser() {
  this.isIE = false;
  this.isNS = false;
  this.version = null;

  var agent = navigator.userAgent;

  // Number following `token` in the UA string, or null when the token is absent.
  var versionAfter = function (token) {
    var at = agent.indexOf(token);
    return at >= 0 ? parseFloat(agent.slice(at + token.length)) : null;
  };

  var ieVersion = versionAfter("MSIE");
  if (ieVersion !== null) {
    this.isIE = true;
    this.version = ieVersion;
    return;
  }

  var nsVersion = versionAfter("Netscape6/");
  if (nsVersion !== null) {
    this.isNS = true;
    this.version = nsVersion;
    return;
  }

  // Treat any other "Gecko" browser as NS 6.1.
  if (agent.indexOf("Gecko") >= 0) {
    this.isNS = true;
    this.version = 6.1;
  }
}
 
// Begin a drag (mousedown handler). Records the element being dragged in the global dragObj
// together with the cursor's page position and the element's starting left/top, then captures
// mousemove/mouseup on the document so dragGo/dragStop follow the pointer.
//   event: the mouse event (unused on IE, where window.event is read instead)
//   id:    id of the element to drag; when empty, the event target is used (its parent for text nodes)
function dragStart(event, id) {
  var onIE = browser.isIE;
  var onNS = browser.isNS;

  // Resolve the node to drag.
  if (id) {
    dragObj.elNode = document.getElementById(id);
  } else {
    if (onIE) {
      dragObj.elNode = window.event.srcElement;
    }
    if (onNS) {
      dragObj.elNode = event.target;
    }
    // Text nodes cannot be positioned; drag their parent element instead.
    if (dragObj.elNode.nodeType === 3) {
      dragObj.elNode = dragObj.elNode.parentNode;
    }
  }

  // Cursor position relative to the whole page (viewport coordinates plus scroll offsets).
  var pageX, pageY;
  if (onIE) {
    var ie = window.event;
    pageX = ie.clientX + document.documentElement.scrollLeft + document.body.scrollLeft;
    pageY = ie.clientY + document.documentElement.scrollTop + document.body.scrollTop;
  }
  if (onNS) {
    pageX = event.clientX + window.scrollX;
    pageY = event.clientY + window.scrollY;
  }

  // Remember where the cursor and the element started; a missing or unparseable CSS offset
  // counts as 0.
  dragObj.cursorStartX = pageX;
  dragObj.cursorStartY = pageY;
  var startLeft = parseInt(dragObj.elNode.style.left, 10);
  var startTop = parseInt(dragObj.elNode.style.top, 10);
  dragObj.elStartLeft = isNaN(startLeft) ? 0 : startLeft;
  dragObj.elStartTop = isNaN(startTop) ? 0 : startTop;

  // Track the pointer on the document until mouseup, and stop this mousedown from bubbling or
  // triggering its default action (text selection).
  if (onIE) {
    document.attachEvent("onmousemove", dragGo);
    document.attachEvent("onmouseup", dragStop);
    window.event.cancelBubble = true;
    window.event.returnValue = false;
  }
  if (onNS) {
    document.addEventListener("mousemove", dragGo, true);
    document.addEventListener("mouseup", dragStop, true);
    event.preventDefault();
  }
}
 
// mousemove handler while a drag is active: move the element by the same amount the cursor has
// travelled since dragStart, and suppress the event's default action.
function dragGo(event) {
  var onIE = browser.isIE;
  var onNS = browser.isNS;

  // Cursor position relative to the whole page (viewport coordinates plus scroll offsets).
  var pageX, pageY;
  if (onIE) {
    var ie = window.event;
    pageX = ie.clientX + document.documentElement.scrollLeft + document.body.scrollLeft;
    pageY = ie.clientY + document.documentElement.scrollTop + document.body.scrollTop;
  }
  if (onNS) {
    pageX = event.clientX + window.scrollX;
    pageY = event.clientY + window.scrollY;
  }

  var node = dragObj.elNode;
  node.style.left = (dragObj.elStartLeft + pageX - dragObj.cursorStartX) + "px";
  node.style.top = (dragObj.elStartTop + pageY - dragObj.cursorStartY) + "px";

  if (onIE) {
    window.event.cancelBubble = true;
    window.event.returnValue = false;
  }
  if (onNS) {
    event.preventDefault();
  }
}
 
// mouseup handler: end the drag by detaching the document listeners dragStart installed.
function dragStop(event) {
  var handlers = [["mousemove", dragGo], ["mouseup", dragStop]];
  for (var k = 0; k < handlers.length; k++) {
    var type = handlers[k][0];
    var fn = handlers[k][1];
    if (browser.isIE) {
      document.detachEvent("on" + type, fn);
    }
    if (browser.isNS) {
      document.removeEventListener(type, fn, true);
    }
  }
}

 
//]]>
