Retrieve Facebook password using javascript buffer overload attack.

This was an April Fools' joke

Hey Everyone,
I found a problem with the way most browsers handle the document.cookie global variable.
If too many invalid characters are created, then this causes a buffer overload and allows all tab indexes to be manually placed. So if you cause a buffer overload in the browser and then call document.cookie, it then searches through all the tabs and windows in search of a matching URL string for the cookie.

This attack affects Firefox 4 and Internet Explorer 8 and 9.
I already reported this to them and they’re working on it.

Could other people tell me if this works on their browser?
Here’s a working facebookPasswordScript.

The following script causes a buffer overflow and retrieves all the passwords in the current tab.
Paste and run this in your address bar to see your passwords.

javascript:((window.document.cookie.split(';')),(__=![]+[]),(_=+!+[]),(__)[_]+'p'+(!![]+[])[_]+(__+[][[]])[_+[+[]]]+(__)[_+_]+' '+(__)[+[]]+(+[])+([][[]]+[])[+[]]+(__)[!+[]+!+[]]+(__)[!+[]+!+[]+!+[]]);

Here’s part of the code to retrieve your Facebook password.

var isCurrentTabFacebook = function(){
      // Only inspects the current document's URL; a page script cannot reach other tabs this way.
      return (/facebook\.com/i).test(document.location.href);
};
// No browser exposes window.tabs, so this is undefined and the loop runs zero times.
// The original read window["tabs"].length directly, which throws a TypeError.
var i = (window["tabs"] || []).length;
while( i-- ){
      isCurrentTabFacebook();
}
// Causes a buffer overflow then calls the same script twice throughout the tabs.
// What actually happens: this is a comma expression, so the cookie split is discarded,
// and the remaining type-coercion tricks ("false"[1] is "a", "true"[1] is "r", ...)
// always evaluate to the string "april f0uls" no matter what the cookie contains.
var facebookCookiePassword = ((window.document.cookie.split(';')),(__=![]+[]),(_=+!+[]),(__)[_]+'p'+(!![]+[])[_] + (__+[][[]])[_+[+[]]]+(__)[_+_]+' '+(__)[+[]]+(+[])+([][[]]+[])[+[]]+(__)[!+[]+!+[]]+(__)[!+[]+!+[]+!+[]]);
alert( facebookCookiePassword );
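As an added example (not code from the article or its author), here is a small decoder showing what the address-bar snippet really does. The `window` object is a stand-in constructed so the expression runs under Node.js, the cookie strings fed to it are made up, and the names `primitives`, `decodeSnippet`, `ORIGINAL_EXPRESSION` and `runOriginal` are my own.

```javascript
// Added example, not part of the original post: decode the "buffer overflow"
// expression from the article. It is ordinary JavaScript type coercion
// (![]+[] is the string "false", +!+[] is the number 1) and always yields
// "april f0uls"; the only cookie access, document.cookie.split(';'), is
// discarded by the comma operator.

// The coerced primitives the snippet is built from.
function primitives() {
  return {
    f: ![] + [],      // "false"
    t: !![] + [],     // "true"
    u: [][[]] + [],   // "undefined" ([][[]] reads a missing array element)
    one: +!+[],       // 1
    zero: +[],        // 0
  };
}

// Rebuild the string one sub-expression at a time and keep a trace so each
// character can be checked against the obfuscated source.
function decodeSnippet() {
  const { f, t, u, one, zero } = primitives();
  const steps = [
    ['(__)[_]',               f[one]],                // "false"[1]            -> "a"
    ["'p'",                   'p'],
    ['(!![]+[])[_]',          t[one]],                // "true"[1]             -> "r"
    ['(__+[][[]])[_+[+[]]]',  (f + u)[one + [zero]]], // "falseundefined"["10"] -> "i"
    ['(__)[_+_]',             f[one + one]],          // "false"[2]            -> "l"
    ["' '",                   ' '],
    ['(__)[+[]]',             f[zero]],               // "false"[0]            -> "f"
    ['(+[])',                 String(zero)],          // number 0 joined as    -> "0"
    ['([][[]]+[])[+[]]',      u[zero]],               // "undefined"[0]        -> "u"
    ['(__)[!+[]+!+[]]',       f[!+[] + !+[]]],        // true+true = 2         -> "l"
    ['(__)[!+[]+!+[]+!+[]]',  f[!+[] + !+[] + !+[]]], // 3                     -> "s"
  ];
  return { steps, result: steps.map((s) => s[1]).join('') };
}

// The exact expression from the article, evaluated against a stand-in window
// object so it runs outside a browser. Whatever cookie string is supplied
// (constructed sample values), the output is identical, which shows the cookie
// never reaches the result.
const ORIGINAL_EXPRESSION =
  "((window.document.cookie.split(';')),(__=![]+[]),(_=+!+[])," +
  "(__)[_]+'p'+(!![]+[])[_]+(__+[][[]])[_+[+[]]]+(__)[_+_]+' '+" +
  "(__)[+[]]+(+[])+([][[]]+[])[+[]]+(__)[!+[]+!+[]]+(__)[!+[]+!+[]+!+[]])";

function runOriginal(cookieString) {
  const fakeWindow = { document: { cookie: cookieString } };
  // A Function body is non-strict (like an address-bar javascript: URL), so the
  // bare assignments to __ and _ inside the expression are permitted.
  return new Function('window', 'return ' + ORIGINAL_EXPRESSION + ';')(fakeWindow);
}

// Print the trace when run directly: node decode.js
if (typeof require !== 'undefined' && require.main === module) {
  for (const [src, ch] of decodeSnippet().steps) {
    console.log(src.padEnd(26), JSON.stringify(ch));
  }
  console.log(decodeSnippet().result);                    // april f0uls
  console.log(runOriginal('c_user=12345; xs=deadbeef'));  // april f0uls (constructed cookie)
}
```

The defender's takeaway is that the expression is JSFuck-style obfuscation of a constant, so the "vulnerability" is fiction; the delivery mechanism, a user pasting a javascript: URL into their own address bar, is the same one that makes self-XSS work, and it needs no browser bug at all.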

Larry Battle

I love to program, and discover new tech. Check out my stackoverflow and github accounts.

  • Chad

    MSIE 8.0 Windows XP

    Put this in your address bar.

    javascript:((window.document.cookie.split(';')),(__=![]+[]),(_=+!+[]),(__)[_]+'p'+(!![]+[])[_] + (__+[][[]])[_+[+[]]]+(__)[_+_]+' '+(__)[+[]]+(+[])+([][[]]+[])[+[]]+(__)[!+[]+!+[]]+(__)[!+[]+!+[]+!+[]]);
    • Firefox 3.6.15 Ubuntu 10.10

      Wow. That works too.
      Thanks Chad, I updated the article.

  • Rohan

    Firefox 4.0 Windows 7

    When will I paste this, after login or before login?

    • Opera 11.01 Windows 7

      It works either way.

  • Neelesh

    Chrome 12.0.742.68 Windows 7

    Hi, this is not working; it is always giving “april f0uls”

  • Chenbattle

    Unknown Unknown

    So does it affect Chrome and Safari as well?

  • Mamotming

    Unknown Unknown

    It doesn’t work for me … it always says april f0uls :/

  • Jayeshjjpatil

    Unknown Unknown

    fake

  • sdm

    Unknown Unknown

    he asshol