Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Bằng cách lén trong các hướng dẫn chương trình, những kẻ tấn công có thể hướng dẫn các chương trình để thực hiện các hành động lựa chọn của kẻ tấn công. Để thực hiện một cuộc tấn công tiêm, kẻ tấn công cố gắng làm giảm sự tiếp xúc của CSRF. Xem các sách trắng để biết thêm thông tin. | restriction. if location.hostname profile.myspace.com document.location http www.myspace.com location.pathname location.search else Now that we are on the correct www.myspace.com let s start spreading this worm. First ensure that we have the friendID. if friendIdParameter getCoreVictimData getHtmlBody Now let s do the damage. main Now the victim runs the main function. Unfortunately Samy did not design the cleanest code. The main function sets up some more variables just like some of the global variables already set once or if the redirect occurred twice. The main function starts a chain of XMLHttpRequests that performs actions on the victim s behalf to change the victim s profile page. The XMLHttpRequests are chained together by their callback functions. Finally main makes one last request to add Samy to the victim s friends list. It s not the cleanest design but it works. This is Samy s closest attempt to a core routine. However he uses many global function calls and horribly misuses XMLHttpRequest s callback to chain all of the requests together. function main grab the victim s friendID. The FriendID and the Mytoken value are required for the worm to make requests on the Victim s behalf. var friendId getVictimsFriendId var url index.cfm fuseaction user.viewProfile friendID friendId Mytoken myTokenParameter xmlHttpRequest getXMLObj This request starts a chain of HTTP requests. Samy uses the callback function in XMLHttpRequest to chain numerous requests together. The first request simply makes a request to view the user s profile in order to see if samy is already the victim s hero. httpSend url analyzeVictimsProfile GET xmlhttp2 getXMLObj This adds user 11851658 Samy to the victim s friend list. httpSend2 index.cfm fuseaction invite.addfriend_verify friendID 11851658 Mytoken myTokenParameter addSamyToVictimsFriendsList GET 58 The most interesting line above is httpSend url analyzeVictimsProfile GET because it starts the chain of XMLHttpRequests that ultimately .
