J0kerz
Supreme Member
- Nov 2, 2009
Now, how can this be exploited!?
http://www.facebook.com/ajax/connect/send_typeahead.php?__a=1&value=f&map=function%20(c%2Cb){if(this%3D%3D%3Dwindow||typeof%20c!%3D'function')throw%20new%20TypeError()%3Bvar%20d%3Bvar%20e%3Dthis.length%3Bvar%20f%3Dnew%20Array(e)%3Bfor(d%3D0%3Bd%3Ce%3B%2B%2Bd)if(d%20in%20this)f[d]%3Dc.call(b%2Cthis[d]%2Cd%2Cthis)%3Breturn%20f%3B}&forEach=function%20(c%2Cb){this.map(c%2Cb)%3Breturn%20this%3B}&filter=function%20(c%2Cb){c%3Dc||function(h){return%20h%3B}%3Bif(this%3D%3D%3Dwindow||typeof%20c!%3D'function')throw%20new%20TypeError()%3Bvar%20d%2Cg%2Ce%3Dthis.length%2Cf%3D[]%3Bfor(d%3D0%3Bd%3Ce%3B%2B%2Bd)if(d%20in%20this){g%3Dthis[d]%3Bif(c.call(b%2Cg%2Cd%2Cthis))f.push(g)%3B}return%20f%3B}&every=function%20(d%2Cc){var%20b%3Dthis.filter(function(){return%201%3B})%3Breturn%20(this.filter(d%2Cc).length%3D%3Db.length)%3B}&some=function%20(c%2Cb){return%20(this.filter(c%2Cb).length%3E0)%3B}&reduce&reduceRight&sort=function%20(){if(this%3D%3D%3Dwindow)throw%20new%20TypeError()%3Breturn%20b.apply(this%2Carguments)%3B}&reverse=function%20(){if(this%3D%3D%3Dwindow)throw%20new%20TypeError()%3Breturn%20b.apply(this%2Carguments)%3B}&concat=function%20(){if(this%3D%3D%3Dwindow)throw%20new%20TypeError()%3Breturn%20b.apply(this%2Carguments)%3B}&slice=function%20(){if(this%3D%3D%3Dwindow)throw%20new%20TypeError()%3Breturn%20b.apply(this%2Carguments)%3B}&indexOf=function%20(){if(this%3D%3D%3Dwindow)throw%20new%20TypeError()%3Breturn%20b.apply(this%2Carguments)%3B}&contains=function%20(b){return%20this.indexOf(b)!%3D-1%3B}&remove=function%20(c){var%20b%3Dthis.indexOf(c)%3Bif(b!%3D-1)this.splice(b%2C1)%3B}&each=function%20(c%2Cb){this.map(c%2Cb)%3Breturn%20this%3B}&clone=function%20(){if(this%3D%3D%3Dwindow)throw%20new%20TypeError()%3Breturn%20b.apply(this%2Carguments)%3B}&existing_ids=100000727059575%2C2205007948
Exploit complete.... Exploit in progress!
Jokerz, you are the man. Was just sniffing what's going on behind the scenes and spotted this gold.
Will post a Jr. VIP share later this week on how to exploit this gold.
LOL. He found that by capturing the headers... I think he just meant he could use this for an exploit.
Where does this code go?