ilovepants

red box LOL

Nov 16th, 2014
(tl;dr at bottom)

A lot of people use Merely's Group Enhancer to enhance (lol) their group experience.

One of the nicest features of Group Enhancer is that it turns plain links (i.e. http://www.roblox.com) in shouts or on the wall into clickable HTML link elements (i.e. blue text that you can click).

The following line in the Group Enhancer source is responsible for doing that:

this.replace(urlPattern, '<a target="_blank" href="$&">$&</a>');

That's JavaScript. It looks in your group's page for anything that looks like a URL and replaces it with an HTML link element (i.e. <a>link</a>). The important part of this code is that it sets the link's href attribute (i.e. where the link takes you) to whatever it recognized as looking like a link, without escaping it. So if you had the link http://www.roblox.com on your group wall, it would replace that plain text with

<a target="_blank" href="http://www.roblox.com">http://www.roblox.com</a>

That's cool.

There's a problem with this. Say my plain link was instead

http://roblox.com/"style='color: red'

Let's see what Group Enhancer turns this into:

<a target="_blank" href="http://roblox.com/" style='color: red'>http://roblox.com/"style='color: red'</a>

The double quote in the link closes the href attribute early, so everything after it is read as more attributes. By cleverly formatting the link, an attacker can set multiple attributes of the link element generated by Group Enhancer. In this case, they also set the style attribute of the link.

That is essentially what the red box is. It sets the href of the link to http://www.roblox.com, sets the style of the link to have a red background, font face of Impact, and a really big font size. It then sets the onmouseover event of the link to something pretty nasty.

The onmouseover event of a link dictates what will happen when someone mouses over the link. In the case of the red box, it executes some JavaScript.

What that bit of JavaScript does is create a global array of a few strings, one of which is the site that it takes you to when you mouse over the link. After that, it uses the global window object to redirect you to an adult site. It does that by changing the location.href property to the said site.

That's the red box.

tl;dr:
- Red boxes redirect you to an adult website when you mouse over them
- Group Enhancer is NOT a keylogger or malicious in any way
- Group Enhancer has a vulnerability that causes red boxes to work
- Disabling Group Enhancer WILL make any red boxes harmless
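
The replace call described above, next to a version that escapes the match before building the link. This is an added example, not code from this paste or from Group Enhancer. It assumes the input is the plain text of a wall post; urlPattern, samplePost and all function names are made up for the illustration.

```javascript
// Added example. urlPattern is an assumed stand-in for the extension's regex.
const urlPattern = /https?:\/\/[^\s<>]+/g;

// Constructed input: the page's example link with the space removed so that
// the assumed pattern matches the whole string.
const samplePost = `http://roblox.com/"style='color:red'`;

// Vulnerable form quoted above: the raw match is pasted into the markup.
function linkifyVulnerable(text) {
  return text.replace(urlPattern, '<a target="_blank" href="$&">$&</a>');
}

// Escape the characters that can end an attribute value or open a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened form: every piece of user text is escaped before it reaches HTML,
// so a quote in the match stays inside the href value.
function linkifySafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(urlPattern)) {
    const url = escapeHtml(m[0]);
    out += escapeHtml(text.slice(last, m.index));
    // rel="noopener noreferrer" keeps the new tab from reaching window.opener.
    out += `<a target="_blank" rel="noopener noreferrer" href="${url}">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Rough check for this demo: attribute names in the first opening tag.
function attributeNames(html) {
  const tag = html.slice(0, html.indexOf('>'));
  return [...tag.matchAll(/([a-zA-Z-]+)=("[^"]*"|'[^']*')/g)].map((m) => m[1]);
}

console.log(attributeNames(linkifyVulnerable(samplePost))); // target, href, style
console.log(attributeNames(linkifySafe(samplePost)));       // target, rel, href
```

In a browser extension, creating the element with document.createElement and assigning href and textContent avoids string-built HTML altogether.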