Title: XSS / CSRF Facebook hostile-page
Post by: BCEmporium on July 03, 2011, 11:31:31 PM

For people who keep wondering about XSS and CSRF, here's an example of what it can do. This example is a new Facebook worm, which spreads by pointing users at this page: hxxp://greatlolfacehot.com/ (link replaced with hxxp - make sure you have JavaScript disabled before you try it, then you can look at the source).
This is also a warning, just in case a friend of yours has posted some crap like this to his or your wall.

Title: Re: XSS / CSRF Facebook hostile-page
Post by: joepie91 on July 06, 2011, 05:16:49 PM

Sharing the part that does the CSRF here, for those who are interested...
Code:
function jacks(site,params){

The code I posted here was edited to need some work before it works, to discourage script kiddies.

EDIT: Of course this could be executed from any page. You could be visiting some random page with comics, and it could technically have this code in it.
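
Added example, not part of the thread and not code from either poster: a server-side check that refuses the kind of cross-site request described in the last post, where any page the user visits can submit a request that carries the user's session cookie. The origin `https://social.example`, the `csrf_token` field, the function names and all sample requests are assumptions constructed for illustration.

```javascript
// Added example, not code from the thread. Origin, field name and tokens are constructed.
const TRUSTED_ORIGIN = "https://social.example";

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Decide whether a request may change state for the user behind `session`.
function checkRequest(req, session) {
  // Assumes GET/HEAD/OPTIONS handlers never change state.
  if (["GET", "HEAD", "OPTIONS"].includes(req.method)) return { allow: true, reason: "safe method" };
  // The browser sets Origin itself; script on another site cannot override it.
  const origin = req.headers.origin;
  if (origin !== undefined && origin !== TRUSTED_ORIGIN) {
    return { allow: false, reason: "cross-site origin" };
  }
  // The session cookie rides along on forged requests too, so it proves nothing.
  // The token is embedded in the site's own pages, which another origin cannot read.
  const sent = (req.body || {}).csrf_token;
  if (!session || !constantTimeEqual(sent, session.csrfToken)) {
    return { allow: false, reason: "missing or wrong token" };
  }
  return { allow: true, reason: "ok" };
}

// Constructed session and requests.
const session = { csrfToken: "k3Jq9vX0aTfLw2Zs" };
const samples = {
  ownForm: { method: "POST", headers: { origin: TRUSTED_ORIGIN },
             body: { status: "hello", csrf_token: "k3Jq9vX0aTfLw2Zs" } },
  comicPage: { method: "POST", headers: { origin: "https://comics.example" },
               body: { status: "look at this" } },
  noOriginNoToken: { method: "POST", headers: {}, body: { status: "look at this" } },
  guessedToken: { method: "POST", headers: {}, body: { status: "x", csrf_token: "AAAAAAAAAAAAAAAA" } },
};

function runSamples() {
  const out = {};
  for (const [name, req] of Object.entries(samples)) out[name] = checkRequest(req, session).reason;
  return out;
}
console.log(runSamples());
```

The request from the unrelated page fails on its Origin header, and the two requests without an Origin header fail because the sender cannot supply the session's token.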