Tests Leonardo AI token system for vulnerabilities by attempting to unlock premium token limits
- // ==UserScript==
- // @name Leonardo AI Token Unlocker
- // @namespace leonardoai.test
- // @version 1.0.0
- // @description Tests Leonardo AI token system for vulnerabilities by attempting to unlock premium token limits
- // @author EthicalHacker
- // @match https://app.leonardo.ai/*
- // @icon https://app.leonardo.ai/favicon.ico
- // @require https://greasyfork.org/scripts/455943-ajaxhooker/code/ajaxHooker.js?version=1124435
- // @run-at document-start
- // @grant GM_setValue
- // @grant GM_getValue
- // @license none
- // ==/UserScript==
- /* global ajaxHooker */
- (function() {
- 'use strict';
- // Configuration
- const CONFIG = {
- debug: true, // Enable for detailed console logging
- notificationDuration: 5000, // Duration for status notifications (ms)
- targetTokenCount: 10000, // Token count to test
- theme: {
- primary: "#4CAF50", // Green for success
- text: "#333333",
- background: "#f9f9f9",
- shadow: "0 2px 5px rgba(0, 0, 0, 0.1)"
- },
- testedFeatures: [
- "Token Balance",
- "Image Generation",
- "Model Training",
- "Premium Features"
- ]
- };
- // Logger utility
- const logger = {
- log: (message) => CONFIG.debug && console.log(`[LeonardoAIUnlocker] ${message}`),
- success: (message) => CONFIG.debug && console.log(`[LeonardoAIUnlocker] %c${message}`, "color: green"),
- error: (message, err) => CONFIG.debug && console.error(`[LeonardoAIUnlocker] ${message}`, err)
- };
- // API interceptor module
- const apiInterceptor = {
- init: () => {
- try {
- ajaxHooker.hook((request) => {
- // Intercept user info endpoint (token balance)
- if (request.url.includes("/api/rest/v1/user/self")) {
- logger.log("Intercepting user info request");
- request.response = (response) => {
- try {
- const responseData = JSON.parse(response.responseText);
- const userData = "data" in responseData ? responseData.data : responseData;
- // Attempt to manipulate token balance
- if (userData) {
- userData.subscription_tokens = CONFIG.targetTokenCount;
- userData.subscription_tokens_used = 0;
- userData.subscription_plan = "premium_pro";
- userData.is_premium = true;
- }
- // Update response
- response.responseText = JSON.stringify(
- "data" in responseData ? ((responseData.data = userData), responseData) : userData
- );
- logger.success(`Set token balance to ${CONFIG.targetTokenCount}`);
- uiManager.showStatusNotification("Token balance manipulation attempted!");
- } catch (err) {
- logger.error("Error processing user info response", err);
- uiManager.showStatusNotification("Error manipulating token balance");
- }
- };
- }
- // Intercept generation endpoint
- if (request.url.includes("/api/rest/v1/generations")) {
- logger.log("Intercepting generation request");
- request.response = (response) => {
- try {
- const responseData = JSON.parse(response.responseText);
- // Ensure generation proceeds without token deduction
- if (responseData) {
- responseData.status = "success";
- responseData.token_cost = 0; // Attempt to bypass token cost
- }
- response.responseText = JSON.stringify(responseData);
- logger.success("Generation request processed with zero token cost");
- } catch (err) {
- logger.error("Error processing generation response", err);
- }
- };
- }
- // Intercept subscription or billing endpoints
- if (request.url.includes("/billing/") || request.url.includes("/subscription/")) {
- logger.log("Intercepting subscription endpoint");
- request.response = (response) => {
- try {
- response.responseText = JSON.stringify({
- success: true,
- data: {
- has_premium_access: true,
- subscription_plan: "premium_pro",
- token_balance: CONFIG.targetTokenCount,
- status: "active"
- }
- });
- logger.success("Premium subscription access granted");
- } catch (err) {
- logger.error("Error processing subscription response", err);
- }
- };
- }
- });
- logger.success("API interceptors initialized");
- } catch (err) {
- logger.error("Failed to initialize API interceptors", err);
- uiManager.showStatusNotification("Failed to initialize token unlocker");
- }
- }
- };
- // UI Manager for notifications
- const uiManager = {
- showStatusNotification: (message) => {
- if (document.body) {
- const notification = document.createElement("div");
- notification.style.position = "fixed";
- notification.style.bottom = "20px";
- notification.style.right = "20px";
- notification.style.padding = "10px 15px";
- notification.style.backgroundColor = CONFIG.theme.background;
- notification.style.color = CONFIG.theme.text;
- notification.style.border = "1px solid #ccc";
- notification.style.borderLeft = `4px solid ${CONFIG.theme.primary}`;
- notification.style.borderRadius = "4px";
- notification.style.boxShadow = CONFIG.theme.shadow;
- notification.style.fontFamily = "Arial, sans-serif";
- notification.style.fontSize = "14px";
- notification.style.zIndex = "10000";
- notification.textContent = message;
- document.body.appendChild(notification);
- setTimeout(() => {
- if (notification.parentNode) {
- notification.parentNode.removeChild(notification);
- }
- }, CONFIG.notificationDuration);
- }
- },
- showInfoPopup: () => {
- const popup = document.createElement("div");
- popup.style.position = "fixed";
- popup.style.bottom = "20px";
- popup.style.right = "20px";
- popup.style.padding = "15px";
- popup.style.backgroundColor = CONFIG.theme.background;
- popup.style.boxShadow = CONFIG.theme.shadow;
- popup.style.border = "1px solid #ccc";
- popup.style.borderRadius = "8px";
- popup.style.zIndex = "10000";
- popup.style.fontFamily = "Arial, sans-serif";
- popup.style.color = CONFIG.theme.text;
- popup.style.width = "280px";
- const header = document.createElement("h3");
- header.textContent = "Leonardo AI Token Unlocker";
- header.style.margin = "0 0 10px";
- header.style.color = CONFIG.theme.primary;
- header.style.fontSize = "16px";
- const featuresHeader = document.createElement("p");
- featuresHeader.textContent = "Tested features:";
- featuresHeader.style.margin = "10px 0 5px";
- featuresHeader.style.fontWeight = "bold";
- const featuresList = document.createElement("ul");
- featuresList.style.margin = "0 0 15px";
- featuresList.style.paddingLeft = "20px";
- CONFIG.testedFeatures.forEach(feature => {
- const item = document.createElement("li");
- item.textContent = feature;
- item.style.margin = "3px 0";
- featuresList.appendChild(item);
- });
- const closeButton = document.createElement("button");
- closeButton.textContent = "×";
- closeButton.style.position = "absolute";
- closeButton.style.top = "5px";
- closeButton.style.right = "5px";
- closeButton.style.background = "none";
- closeButton.style.border = "none";
- closeButton.style.cursor = "pointer";
- closeButton.style.fontSize = "18px";
- closeButton.style.color = "#666";
- closeButton.addEventListener("click", () => {
- if (popup.parentNode) {
- document.body.removeChild(popup);
- }
- });
- popup.appendChild(header);
- popup.appendChild(featuresHeader);
- popup.appendChild(featuresList);
- popup.appendChild(closeButton);
- document.body.appendChild(popup);
- setTimeout(() => {
- if (popup.parentNode) {
- document.body.removeChild(popup);
- }
- }, 15000);
- }
- };
- // Initialize the unlocker
- (function init() {
- apiInterceptor.init();
- window.addEventListener("load", () => {
- setTimeout(() => {
- uiManager.showInfoPopup();
- }, 2000);
- });
- logger.log("Leonardo AI Token Unlocker initialized");
- })();
- })();
