al's Profile

Member since October 27, 2005

  • Name

    al tino

  • Location:

    Portugal

Favorite Files

Recent Posts

  1. Comment - Cross-Site Scripting Worm Hits MySpace

    (Oct 27, 2005 - 7:31 AM)

    another reason. incompleted by now :) but ...

    #!/usr/bin/perl
    # moral.pl

    use LWP;
    #use LWP::RobotUA;
    use HTTP::Cookies;
    use HTML::TokeParser;
    use IO::File;
    use POSIX;

    my $browser = LWP::UserAgent->new;
    my $username = 'altino.joao@gmail.com';
    my $pass = 'xpto';

    #liga os cookies;
    $browser->cookie_jar( HTTP::Cookies->new(
    'file' => '/tmp/perl.myspace1.cookies',
    # ficheiro dos cookies
    'autosave' => 1,));

    # header que vai com os requests, para simular o browser
    my @header = (
    'User-Agent' => 'Bruno Carreira browser bot',
    'Accept' => 'image/gif, image/x-xbitmap, image/jpeg,
    image/pjpeg, image/png, */*',
    'Accept-Charset' => 'iso-8859-1,*,utf-8',
    'Accept-Language' => 'en-US',
    );

    my $url = 'http://viewmorepics.myspace.com:80/index.cfm?fuseaction=login.process';

    # aceita redirectionamentos do browser
    push @{ $browser->requests_redirectable }, 'POST';

    print "comeca por auth o user\n";
    # autentica perante o IC
    my $response = $browser->post( $url,
    [
    email => $username,
    password => $pass,
    ]
    );

    die "Erro: nao foi possivel sacar a url: $url -- ", $response->status_line
    unless $response->is_success;

    die "Erro: tava a espera de HTML, nao de ", $response->content_type
    unless $response->content_type eq 'text/html';

    # print $response->content;

    print "Faz uma pesquisa no site por GAJAS\n";
    #$url = 'http://browse.myspace.com/index.cfm?fuseaction=browse';
    #$url = 'http://browse.myspace.com/Browse.aspx?z=1';
    $url = 'http://browseusers.myspace.com:80/Browse/Browse.aspx?z=1';
    $response = $browser->post( $url ,
    [
    Gender => 'genderWomen',
    minAge => '18',
    maxAge => '35',
    statusSingle => '1',
    statusMarried => '0',
    statusDivorced => '1',
    statusSwingers => '1',
    country => 'SW',
    ]
    );

    die "Erro: nao foi possivel sacar a url: $url -- ", $response->status_line
    unless $response->is_success;

    die "Erro: tava a espera de HTML, nao de ", $response->content_type
    unless $response->content_type eq 'text/html';
    print "Comeca a adicionar os GRELOS aos meus contactos ... \n";
    #print $response->content;
    snif();

    sub snif {
    $p = HTML::TokeParser->new( \$response->content);
    my $aux = 0;
    while (my $token = $p->get_tag("a")) {
    my $url = $token->[1]{href} || "-";
    my $text = $p->get_trimmed_text("/a");

    if ($text =~ /IMG/){
    $response = $browser->get ($url , @header);
    die "Erro: nao foi possivel sacar a url: $url -- ", $response->status_line
    unless $response->is_success;

    die "Erro: tava a espera de HTML, nao de ", $response->content_type
    unless $response->content_type eq 'text/html';
    $p1 = HTML::TokeParser->new( \$response->content);

    $url =~ /friendID=\d+?&Mytoken/;
    my $userid = $&;
    $userid =~ s/friendID=//;
    $userid =~ s/&Mytoken//;

    $url = 'http://www.myspace.com:80/index.cfm?fuseaction=invite.addfriend_check&friendID='.$userid;
    $response = $browser->get ( $url, @header);
    die "Erro: nao foi possivel sacar a url: $url -- ", $response->status_line unless $response->is_success;

    die "Erro: tava a espera de HTML, nao de ", $response->content_type
    unless $response->content_type eq 'text/html';

    $url4 = 'http://www.myspace.com:80/index.cfm?';
    my $temp = $response->content;
    #print $temp;

    # get hashcode[C
    my $hashcode = $response->content;
    $hashcode =~ m/ $hashcode,
    friendID => $userid,
    ]
    );
    die "Erro: nao foi possivel sacar a url: $url4 -- ", $response->status_line unless $response->is_success;

    die "Erro: tava a espera de HTML, nao de ", $response->content_type
    unless $response->content_type eq 'text/html';

    #sleep 2;
    #print $response->content;
    }

    if (($text =~ /Next/) && ($aux == 1)) {
    $url =~ m/\d/;
    $response = $browser->post("http://browseusers.myspace.com:80/Browse/Browse.aspx",
    [
    page => $&,
    ]
    );
    # $response = $browser->get ($url , @header);
    die "Erro: nao foi possivel sacar a url: $url -- ", $response->status_line
    unless $response->is_success;

    die "Erro: tava a espera de HTML, nao de ", $response->content_type
    unless $response->content_type eq 'text/html';
    snif();
    $aux = 0;
    } elsif (($text =~ /Next/) && ($aux == 0)) {
    $aux++;
    }

    }

    this is old, like i said at the begining. :) but...

    I just want to leave a question.

    Is this simulation of mouse clicks also an hack??? :)