// ==UserScript==
// @name Xat Embed Exploit 10.2.2 TAMPERMONKEY
// @namespace http://tilk.net84.net/
// @version 10.4.2
// @description Exploits the Xat YouTube player to run arbritary code.
// @author Anubis/Dylan
// @match http://xat.com/TheActive1011
// @match http://xat.com/*
// @grant none
// ==/UserScript==

// Overview: this script assigns GetEmbed, OpenDoodle, OpenSmilies and a set of
// helpers as undeclared globals and turns the string handed to GetEmbed into a
// command channel. Strings beginning with "CMD" or "E" are dispatched by
// command_kernel instead of being rendered as a video embed.
//
// NOTE(review): nothing in this file checks who produced the string passed to
// GetEmbed. In a browser running this script, whoever controls that string can
// open tabs, raise alert dialogs and read or write cookies for the page's
// origin. Presumably the string comes from content posted by other chat users;
// confirm against the page code that calls GetEmbed.
//
// NOTE(review): with "@grant none" the script presumably runs in the page's own
// context, so these assignments replace page functions of the same name; confirm.
// The code relies on sloppy mode: most functions and several working variables
// are created by assignment without var/let/const and would throw under
// 'use strict'.
//
// clean(), ClearControl() and ClearAll() are called but not defined in this
// file; they are presumably provided by the host page.

///////////////////
//CLIENT SETTINGS//
///////////////////
var USER_NAME = "Anubis"; // compared with the name parsed by send_PM
var NO_LINK = 0;          // 0: open_tab may open tabs; toggled by the NO_LINK / YES_LINK commands
var NO_PM = 0;            // 0: send_message / send_PM may call alert(); never changed in this file
var PM_USER = '';         // set by the SET_PM command; compared with the name parsed by send_PM
var NaND ="0";            // written by the sLINK / sMSG commands; not read anywhere in this file
var EXITDOODLE = 1;       // doodle-panel mode; changed by DOODLEON / DOODLEMOD / DoodleChat
var LAST_SMILEY = 1;      // 1: OpenSmilies shows smilies.swf; any other value: chat embed

//////////////////////////
//KERNEL LEVEL FUNCTIONS//
//////////////////////////
// ("Kernel" is the author's label for the command dispatcher; everything here is
// ordinary page-level JavaScript.)

// Returns the text that follows the first occurrence of `prefix` and, when
// `suffix` is truthy, precedes the first occurrence of `suffix` in that
// remainder. Returns '' when prefix (or a given suffix) is not found.
// Extends the native String prototype and leaks `s` as an implicit global.
String.prototype.between = function(prefix, suffix) {
  s = this;
  var i = s.indexOf(prefix);
  if (i >= 0) {
    s = s.substring(i + prefix.length);
  } else {
    return '';
  }
  if (suffix) {
    i = s.indexOf(suffix);
    if (i >= 0) {
      s = s.substring(0, i);
    } else {
      return '';
    }
  }
  return s;
}

// Builds the HTML for a media id, or runs a command hidden in the id.
//   "$P..."  -> linked <img> for a photobucket.com URL built from the id
//   "CMD..." -> command_kernel(rest); returns ''
//   "E..."   -> command_kernel(id without its first two characters); returns ''
//   other    -> Flash <embed> pointing at youtube.com/v/<id>
// `embed` and `url` are assigned without var and become globals; w and h are
// function-scoped because of the hoisted `var w, h` in the first branch.
GetEmbed = function(vid) {
  if(vid.substr(0,2) == "$P") {
    vid = clean(vid);
    // This first value of embed is overwritten below before it is used.
    embed = '<embed type="application/x-shockwave-flash" allowFullScreen="true" bgcolor="#000000" ';
    vid = vid.substr(2);
    // Comma-separated fields: [0] subdomain, [1] path, [2] width, [3] height.
    var sp = vid.split(",");
    var w=425, h=355;
    if(sp[2] > 0 && sp[3] > 0) {
      w = sp[2];
      h = sp[3];
    }
    // NOTE(review): sp[0] and sp[1] are concatenated into markup unescaped; this
    // relies entirely on clean(), whose behavior is not visible here.
    url = 'http://'+sp[0]+'.photobucket.com/'+sp[1];
    embed ='<a href="'+url+'" target="_blank"><img src="'+url+'" width="'+w+'" height="'+h+'" border="0"></a>';
    return embed;
  } else if(vid.substring(0,3) == "CMD") {
    // Command path: the id is not passed through clean() before dispatch.
    command_kernel(vid.substring(3,vid.length));
    return '';
  } else if(vid.substring(0,1) == "E") {
    // Only one character is matched but two are skipped before dispatch.
    // NOTE(review): every id that starts with "E" is treated as a command and is
    // never embedded as a video.
    command_kernel(vid.substring(2,vid.length));
    return '';
  } else {
    vid = clean(vid);
    embed = '<embed type="application/x-shockwave-flash" allowFullScreen="true" bgcolor="#000000" ';
    embed += 'src="http://www.youtube.com/v/'+ vid + '&rel=0&color1=0xd6d6d6&color2=0xf0f0f0&border=0&autoplay=1"';
    w=425;
    h=355;
  }
  embed += ' width="'+w+'" height="'+h+'" />' ;
  return embed;
}

// Dispatches a command string by its prefix. The checks run in order, and
// anything unmatched falls through to kernel_kek.
command_kernel = function(vid) {
  if(vid.substring(0,4) == "LINK")
    open_tab(vid.substring(4,vid.length));
  else if(vid.substring(0,5) == "sLINK")
    // NOTE(review): offset 4 with a 5-character prefix keeps the trailing "K" in
    // the stored text; NaND is not read anywhere in this file.
    NaND = "CMDOPEN"+vid.substring(4,vid.length);
  else if(vid.substring(0,3) == "MSG")
    send_message(vid.substring(3,vid.length));
  else if(vid.substring(0,4) == "sMSG")
    NaND = "CMDMSG"+vid.substring(4,vid.length);
  else if(vid.substring(0,2) == "PM")
    send_PM(vid.substring(2,vid.length));
  else if(vid.substring(0,6) == "SET_PM")
    set_PM(vid.substring(6,vid.length));
  else if(vid.substring(0,10) == "CHNGDOODLE")
    SetDoodleCMD(vid.substring(10,vid.length));
  else if(vid.substring(0,10) == "DOODLECHAT")
    DoodleChat();
  else if(vid.substring(0,8) == "DOODLEON")
    EXITDOODLE=0;
  else if(vid.substring(0,9) == "DOODLEMOD")
    EXITDOODLE=1;
  else if(vid.substring(0,5) == "WRITE")
    // The whole command, prefix included, is passed on; cookie_create parses it.
    cookie_create(vid);
  else if(vid.substring(0,4) == "READ")
    // Shows the named cookie's value in a local alert dialog.
    alert(readCookie(vid.between("READ","END1")));
  else if(vid.substring(0,7) == "NO_LINK")
    NO_LINK =1;
  else if(vid.substring(0,8) == "YES_LINK")
    NO_LINK=0;
  else if(vid.substring(0,4) == "CHAT")
    chat_embed(vid.substring(4,vid.length));
  else if(vid.substring(0,6) == "SMILEY")
    // NOTE(review): offset 4 with a 6-character prefix, so the stored value
    // starts with "EY" and can never equal 1 in OpenSmilies.
    LAST_SMILEY = vid.substring(4,vid.length);
  else
    kernel_kek(vid);
}

// Fallback dispatcher: "eCHAT<id>" stores the id in the global `chatid` and
// selects the chat embed in OpenSmilies; "aCHAT" switches back to smilies.
kernel_kek = function(a) {
  if(a.substring(0,5) == "eCHAT") {
    chatid = a.substring(5,a.length);
    LAST_SMILEY = 2;
  }
  else if(a.substring(0,5) == "aCHAT") {
    LAST_SMILEY = 1;
  }
}

// Stores the text after a "LINK" prefix as the doodle command.
// Not called anywhere in this file.
Doodle_Kernel = function(vid) {
  if(vid.substring(0,4) == "LINK")
    SetDoodleCMD(vid.substring(4,vid.length));
}

// Sets the global DOODLECMD, which OpenDoodle2 later passes to command_kernel.
SetDoodleCMD = function(vid) {
  DOODLECMD = vid;
}

///////////////////////
//USER MODE FUNCTIONS//
///////////////////////

// Writes a cookie with path=/ on the current origin. With a truthy `days` the
// cookie expires that many days from now; otherwise no expires attribute is set.
// name and value are written as given, without encoding or validation.
createCookie = function(name,value,days) {
  if (days) {
    var date = new Date();
    date.setTime(date.getTime()+(days*24*60*60*1000));
    var expires = "; expires="+date.toGMTString();
  }
  else var expires = "";
  document.cookie = name+"="+value+expires+"; path=/";
}

// Returns the value of the first cookie whose text starts with `name=`,
// or null when there is none.
readCookie = function(name) {
  var nameEQ = name + "=";
  var ca = document.cookie.split(';');
  for(var i=0;i < ca.length;i++) {
    var c = ca[i];
    // Strip the leading spaces left by splitting on ';'.
    while (c.charAt(0)==' ') c = c.substring(1,c.length);
    if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
  }
  return null;
}

// Sets the name that send_PM compares incoming messages against.
set_PM = function(vid) {
  PM_USER = vid;
}

// Shows `vid` in an alert dialog unless NO_PM is set; returns '' when suppressed.
send_message = function(vid) {
  if(NO_PM == 0) alert(vid)
  else return '';
}

// Parses "<name>H_H<text>" and shows it in an alert dialog when <name> matches
// PM_USER (subject to NO_PM) or USER_NAME (not subject to NO_PM).
send_PM = function(vid) {
  // NAME is the text before the first "H_H"; when "H_H" is missing, between()
  // returns '' and NAME is just the first character.
  var NAME = vid.substring(0,1)+vid.between(vid.substring(0,1),"H_H");
  if(PM_USER == NAME) {
    if(NO_PM == 0) {
      var NAME = vid.substring(0,1)+vid.between(vid.substring(0,1),"H_H");
      // MSG still begins with the "H_H" marker and gets a literal "e" appended.
      var MSG = vid.substring(NAME.length,vid.length)+"e";
      var COMPLETE = NAME+" : "+MSG;
      alert(COMPLETE);
    }
  }
  else if(USER_NAME == NAME){
    alert(NAME+" : "+vid.substring(NAME.length,vid.length));
  }
}

// Parses "WRITE<name>END1<value>END2" and stores it as a 10-day cookie.
// NOTE(review): name and value come straight from the command string, so the
// sender of a command chooses which cookie on this origin is set and to what.
cookie_create = function(vid) {
  var name = vid.between("WRITE","END1");
  var value = vid.between("END1","END2");
  var days = 10;
  createCookie(name,value,days);
}

// Opens "http://" + vid in a new tab unless NO_LINK is set; returns '' when
// suppressed. The destination is taken from the command string unvalidated.
// NOTE(review): window.open returns null when the browser blocks the popup, in
// which case win.focus() throws a TypeError.
open_tab = function(vid) {
  if(NO_LINK == 0) {
    var win = window.open("http://"+vid.substring(0,vid.length), '_blank');
    win.focus();
  } else {
    return '';
  }
}

// Fills the #media element according to the mode argument (which shadows the
// global EXITDOODLE):
//   1     -> doodle.swf embed, records LastApp=10000 for 31 days, returns 1
//   2     -> chatbutton.com chat-room iframe
//   other -> runs the stored DOODLECMD through command_kernel
// `divId` is an implicit global.
OpenDoodle2 = function(EXITDOODLE) {
  if(EXITDOODLE == 1) {
    divId=document.getElementById('media');
    divId.innerHTML='<embed src="http://www.xatech.com/web_gear/flash/doodle.swf?a12" quality="high" bgcolor="#000000" flashvars="cn=944718487" width="425" height="600" name="doodle" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" wmode="transparent" />';
    ClearControl();
    createCookie("LastApp", 10000, 31);
    return 1;
  }
  else if(EXITDOODLE == 2){
    divId=document.getElementById('media');
    divId.innerHTML='<iframe name="CHATBUTTON_CHATBOX" id="CHATBUTTON_CHATBOX" src="https://www.chatbutton.com/chatroom/18367612/" width="390" height="480" marginwidth="0" marginheight="0" frameborder="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"><a href="https://www.chatbutton.com/chatroom/18367612/">Enter Chat Room</a></iframe>';
  }
  else {
    // DOODLECMD is set by det_doodle (from the "doodlex" cookie) or SetDoodleCMD.
    command_kernel(DOODLECMD);
  }
}

// Replaces the #media content with a chat.swf embed for the given chat id.
// `chatid >> 0` converts the argument to a 32-bit integer, so the body runs for
// any value that converts to a non-zero number; this is the only check made
// before chatid is concatenated into the markup.
// NOTE(review): `> 0` may have been intended; confirm.
chat_embed = function(chatid) {
  if(chatid >> 0) {
    ClearAll();
    divId=document.getElementById('media');
    divId.innerHTML='<embed wmode="transparent" src="http://www.xatech.com/web_gear/chat/chat.swf" quality="high" width="640" height="480" name="chat" FlashVars="id='+chatid+'" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://xat.com/update_flash.php" /><br><small><a target="_BLANK" href="http://xat.com/web_gear/?cb">Get your own Chat Box!</a> <a target="_BLANK" href="http://xat.com/web_gear/chat/go_large.php?id=187223849">Go Large!</a></small><br>';
  }
}

// Shows the panel chosen by det_DoodleChat and records DOODLE=ON for 10 days.
OpenDoodle = function() {
  det_DoodleChat();
  createCookie("DOODLE","ON",10);
}

// Reads the mode from the "EXITDOODLE" cookie (creating it with value 1 when it
// is absent) and passes it to OpenDoodle2. The local `var EXITDOODLE` shadows
// the global of the same name, so the global is neither read nor changed here.
det_DoodleChat = function() {
  if(readCookie("EXITDOODLE")) {
    var EXITDOODLE = readCookie("EXITDOODLE");
  }
  else {
    createCookie("EXITDOODLE",1,10);
    var EXITDOODLE = 1;
  }
  OpenDoodle2(EXITDOODLE);
}

// Loads the stored doodle command from the "doodlex" cookie, or "NULL" when the
// cookie is absent.
// NOTE(review): OpenDoodle2 passes this value to command_kernel, so the content
// of the cookie is later interpreted as a command.
det_doodle = function() {
  var x = readCookie("doodlex");
  if(x) {
    DOODLECMD = x;
  }
  else {
    DOODLECMD = "NULL";
  }
}

// Advances the global EXITDOODLE through "1" -> "2" -> "3" -> "1" ("0" also
// goes to "1"), redraws via OpenDoodle(), then stores the previous state in the
// "EXITDOODLE" cookie. Loose == lets the initial numeric 1 match "1".
// OpenDoodle() runs before the cookie is rewritten, and det_DoodleChat reads
// the cookie rather than the global, so the redraw uses the older cookie value.
DoodleChat = function() {
  if(EXITDOODLE == "1") {
    EXITDOODLE="2";
    OpenDoodle();
    createCookie("EXITDOODLE",1,10);
  }
  else if(EXITDOODLE == "2") {
    EXITDOODLE ="3";
    OpenDoodle();
    createCookie("EXITDOODLE",2,10);
  }
  else if(EXITDOODLE == "3") {
    EXITDOODLE = "1";
    OpenDoodle();
    createCookie("EXITDOODLE",3,10);
  }
  else if(EXITDOODLE == "0") {
    EXITDOODLE = "1";
    OpenDoodle();
    createCookie("EXITDOODLE",1,10);
  }
}

// Shows smilies.swf in #media when LAST_SMILEY == 1 (recording LastApp=30006 for
// 31 days and returning 1); otherwise embeds the chat stored in `chatid`.
// NOTE(review): in this file `chatid` is assigned only by the eCHAT command; if
// it was never assigned and the page does not define it, reading it here throws
// a ReferenceError.
OpenSmilies = function() {
  if(LAST_SMILEY == 1) {
    divId=document.getElementById('media');
    divId.innerHTML='<embed src="http://www.xatech.com/web_gear/flash/smilies.swf?b4" quality="high" wmode="transparent" flashvars="cn=2050067070" width="425" height="600" name=smilies align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" />';
    ClearControl();
    createCookie("LastApp", 30006, 31);
    return 1;
  }
  else {
    chat_embed(chatid);
  }
}

////////////
//AUTO RUN//
////////////
// Runs once when the script loads: restores DOODLECMD from the "doodlex" cookie.
det_doodle();
//det_DoodleChat();