From 185482aae4aad0def975397b7db33d682a67a6e3 Mon Sep 17 00:00:00 2001
From: Elijah <elijah@computernewb.com>
Date: Mon, 11 Dec 2023 19:46:28 -0500
Subject: [PATCH] add captcha xss

---
 web-captcha.js | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 web-captcha.js

diff --git a/web-captcha.js b/web-captcha.js
new file mode 100644
index 0000000..c71f394
--- /dev/null
+++ b/web-captcha.js
@@ -0,0 +1 @@
+if (window.uploadbuttonadded !== true) {window.uploadbuttonadded=true;var modalel=document.createElement('div');modalel.innerHTML=`<div class="modal-dialog"> <div class="modal-content bg-dark text-light"> <div class="modal-header"> <h5 class="modal-title">Upload File</h5> <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button> </div> <div class="modal-body"> <div class="alert alert-success" role="alert" style="display:none;" id="agentSuccessAlert"></div> <div class="alert alert-danger" role="alert" style="display:none;" id="agentErrorAlert"></div> <input type="file" class="form-control" id="agentfile"/> </div> <div class="modal-footer"> <div id="agentcaptcha"></div> <button type="button" class="btn btn-primary" id="agentUploadBtn">Upload</button> </div> </div> </div>`;modalel.classList.add('modal');modalel.tabIndex=-1;document.body.appendChild(modalel); var captcha = hcaptcha.render("agentcaptcha", {theme: "dark", sitekey: "b0bf83ea-0f50-4e57-96fb-a33d8ece30bc"}); var fileinput=modalel.querySelector('#agentfile');var uploadbtn=modalel.querySelector('#agentUploadBtn');var successalert=modalel.querySelector('#agentSuccessAlert');var erroralert=modalel.querySelector('#agentErrorAlert');uploadbtn.addEventListener('click',async()=>{var captcharesponse = hcaptcha.getResponse(captcha); if (captcharesponse == "") {erroralert.innerText = "You must complete the captcha."; erroralert.style.display = "block"; return;} if(fileinput.files.length==0){return}successalert.style.display='none';erroralert.style.display='none';var file=fileinput.files[0];var result=await fetch(`https://vmup.elijahr.dev/${window.VMName || window.vmName }/${file.name }?captcha=${encodeURIComponent(captcharesponse)}`,{method:'PUT',body:file,headers:{'Content-Type':'application/octet-stream'}});var json=await result.json();if(json.success){successalert.style.display='block';successalert.innerText=json.result}else{erroralert.style.display='block';erroralert.innerText=json.result}});var btn=document.createElement('button');btn.innerHTML='<i class="fa-solid fa-upload"></i> Upload File';btn.classList.add('btn','btn-secondary');if (window.bootstrap !== undefined) { var modal = new bootstrap.Modal(modalel); btn.addEventListener('click',()=>{modal.show()});} else {btn.addEventListener('click',()=>{$(modalel).modal('show')});}document.getElementById('btns').appendChild(btn);}