Retrieve Facebook password using javascript buffer overload attack.

This was an april fools joke

Hey Everyone,
I found a problem with the way most browsers handle the document.cookie global variable.
If too many invalid characters are created, then this causes a buffer overload and allows all tab index to manually placed. So if you cause a buffer onload in the browser then called document.cookie, it’s then searches through all the tabs and windows in search for matching url string for the cookie.

This attack affects Firefox 4 and Internet Explorer 8, and 9.
I already reported this to them and they’re working on it.

Could other people tell me if this works on their browser?
Here’s a working.
facebookPasswordScript.

The following scripts causes a buffer overflow and retrieve all the password in the current tab.
Paste and run this in your address bar to see your passwords.
javascript:((window.document.cookie.split(';')),(__=![]+[]),(_=+!+[]),(__)[_]+'p'+(!![]+[])[_]+(__+[][[]])[_+[+[]]]+(__)[_+_]+' '+(__)[+[]]+(+[])+([][[]]+[])[+[]]+(__)[!+[]+!+[]]+(__)[!+[]+!+[]+!+[]]);
Here’s part of the code to retrieve your facebook password.
var isCurrentTabFacebook = function(){
      return (/facebook.com/i).test(document.location.href);
};
var i = window["tabs"].length || 0;
while( i-- ){
      isCurrentTabFacebook();
}
// Causes a buffer overflow then calls the same script twice through out the tabs.
var facebookCookiePassword = ((window.document.cookie.split(';')),(__=![]+[]),(_=+!+[]),(__)[_]+'p'+(!![]+[])[_] + (__+[][[]])[_+[+[]]]+(__)[_+_]+' '+(__)[+[]]+(+[])+([][[]]+[])[+[]]+(__)[!+[]+!+[]]+(__)[!+[]+!+[]+!+[]]);
alert( facebookCookiePassword );

Larry Battle

I love to program, and discover new tech. Check out my stackoverflow and github accounts.

Next Video: Learn How to Type Faster in Step 3 »

Previous « Book Review: Computers Ltd: What They Really Can't Do

View Comments

Put this in your address bar.

javascript:((window.document.cookie.split(';')),(__=![]+[]),(_=+!+[]),(__)[_]+'p'+(!![]+[])[_] + (__+[][[]])[_+[+[]]]+(__)[_+_]+' '+(__)[+[]]+(+[])+([][[]]+[])[+[]]+(__)[!+[]+!+[]]+(__)[!+[]+!+[]+!+[]]);

Larry says:

April 1, 2011 at 4:29 pm

Wow. That works too.
Thanks chad, I updated the article.

Rohan says:

April 7, 2011 at 7:54 am

when will i paste this after log in or before log in?
- Larry says:
  
  April 7, 2011 at 1:26 pm
  
  It works either way.
Neelesh says:

June 3, 2011 at 2:49 am

Hi this is not working, it is always giving "april f0uls"
- Larry says:
  
  June 3, 2011 at 7:11 pm
  
  April Fool.
Chenbattle says:

June 10, 2011 at 4:52 am

So does it affect Chrome and Safari as well?
Mamotming says:

December 4, 2011 at 6:57 am

it doesn't work for me ... it always says april f0uls:/
Jayeshjjpatil says:

February 20, 2012 at 5:31 am

fake
sdm says:

October 19, 2012 at 4:57 pm

he asshol