flivajo

Reputation: 1

Could someone explain this Facebook script? XSS?

<script type="text/javascript" src="/aes.js" ></script>
<script>
function toNumbers(d){
 var e=[];
 d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});
 return e
}
function toHex(){
 for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);
 return e.toLowerCase()
 }
var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("23408f94661caf2c92c0cf7da64ab661");
document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; 
document.cookie="referrer="+escape(document.referrer); 
location.href="http://of3trade0912achieve20.dc7.us/?ckattempt=1";
</script>

I'm a layman whose friend's Facebook account was compromised and was posting a link to a site with this script on it everywhere.

I'm curious and would appreciate it if someone could explain what this script is doing.

Upvotes: -1

Views: 219

Answers (2)

Rodolfo Lanshore

Reputation: 97

In the majority of cases you won't understand the entire script. That is because the script is encrypted to avoid copying. That's why many pages have the same structure or pattern. Var e:[/.t]+l.String... blah blah blah!

Upvotes: 0

I wrestled a bear once.

Reputation: 23379

It sets 2 cookies, one of them using some encryption stuff, with a 22-year expiration date, and the other one saving the name of the referring page, then it redirects the page to a different page, "http://of3trade0912achieve20.dc7.us/?ckattempt=1".

Upvotes: 1
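The behaviour described in the answer above can be confirmed without loading the page, by treating the script as text and pulling out its constants, cookie writes and redirect target. This is an added example, not part of the original posts; `triage` and `SAMPLE` are hypothetical names, and `SAMPLE` is the last four statements of the script quoted in the question.

```javascript
// Static triage: the script source is only pattern-matched, never evaluated.
// SAMPLE is copied from the script in the question (helper functions omitted).
const SAMPLE = `
var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("23408f94661caf2c92c0cf7da64ab661");
document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";
document.cookie="referrer="+escape(document.referrer);
location.href="http://of3trade0912achieve20.dc7.us/?ckattempt=1";
`;

function triage(src) {
  const report = { constants: {}, decryptCalls: [], cookies: [], redirects: [] };

  // Hex strings passed to toNumbers(): record each name and its decoded byte length.
  for (const m of src.matchAll(/(\w+)\s*=\s*toNumbers\("([0-9a-fA-F]*)"\)/g)) {
    report.constants[m[1]] = { hex: m[2], bytes: m[2].length / 2 };
  }

  // Calls to slowAES.decrypt(): keep the arguments positionally, as written.
  for (const m of src.matchAll(/slowAES\.decrypt\(([^)]*)\)/g)) {
    report.decryptCalls.push({ args: m[1].split(",").map((s) => s.trim()) });
  }

  // Cookie writes: name, expiry (null means a session cookie) and value source.
  for (const m of src.matchAll(/document\.cookie\s*=\s*"([^"=]+)="?([^\n]*)/g)) {
    const exp = m[2].match(/expires=([^;"]+)/);
    report.cookies.push({
      name: m[1],
      expires: exp ? exp[1].trim() : null,
      usesReferrer: /document\.referrer/.test(m[2]),
      usesDecrypt: /slowAES\.decrypt/.test(m[2]),
    });
  }

  // Navigation away from the page via a literal URL.
  for (const m of src.matchAll(/location(?:\.href)?\s*=\s*"([^"]+)"/g)) {
    const u = new URL(m[1]);
    report.redirects.push({ url: m[1], host: u.hostname, cleartext: u.protocol === "http:" });
  }
  return report;
}

const report = triage(SAMPLE);
console.log(JSON.stringify(report, null, 2));
```

All three hex constants decode to 16 bytes, and the value written to `__test` depends only on those constants, not on anything about the visitor.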
