Tag Archives: facebook

Retrieve Facebook password using javascript buffer overload attack.

This was an april fools joke

Hey Everyone,
I found a problem with the way most browsers handle the document.cookie global variable.
If too many invalid characters are created, then this causes a buffer overload and allows all tab index to manually placed. So if you cause a buffer onload in the browser then called document.cookie, it’s then searches through all the tabs and windows in search for matching url string for the cookie.

This attack affects Firefox 4 and Internet Explorer 8, and 9.
I already reported this to them and they’re working on it.

Could other people tell me if this works on their browser?
Here’s a working.
facebookPasswordScript.

The following scripts causes a buffer overflow and retrieve all the password in the current tab.
Paste and run this in your address bar to see your passwords.

1
javascript:((window.document.cookie.split(';')),(__=![]+[]),(_=+!+[]),(__)[_]+'p'+(!![]+[])[_]+(__+[][[]])[_+[+[]]]+(__)[_+_]+' '+(__)[+[]]+(+[])+([][[]]+[])[+[]]+(__)[!+[]+!+[]]+(__)[!+[]+!+[]+!+[]]);

Here’s part of the code to retrieve your facebook password.

1
2
3
4
5
6
7
8
9
10
var isCurrentTabFacebook = function(){
      return (/facebook.com/i).test(document.location.href);
};
var i = window["tabs"].length || 0;
while( i-- ){
      isCurrentTabFacebook();
}
// Causes a buffer overflow then calls the same script twice through out the tabs.
var facebookCookiePassword = ((window.document.cookie.split(';')),(__=![]+[]),(_=+!+[]),(__)[_]+'p'+(!![]+[])[_] + (__+[][[]])[_+[+[]]]+(__)[_+_]+' '+(__)[+[]]+(+[])+([][[]]+[])[+[]]+(__)[!+[]+!+[]]+(__)[!+[]+!+[]+!+[]]);
alert( facebookCookiePassword );

Larry Battle

I love to program, and discover new tech. Check out my stackoverflow and github accounts.

More Posts - Website

Follow Me:
Twitter