{"id":527,"date":"2011-04-01T14:20:45","date_gmt":"2011-04-01T20:20:45","guid":{"rendered":"http:\/\/bateru.com\/news\/?p=527"},"modified":"2012-10-19T21:49:17","modified_gmt":"2012-10-20T03:49:17","slug":"retrieve-facebook-password-using-javascript-buffer-overload-attack","status":"publish","type":"post","link":"https:\/\/bateru.com\/news\/2011\/04\/retrieve-facebook-password-using-javascript-buffer-overload-attack\/","title":{"rendered":"Retrieve Facebook password using javascript buffer overload attack."},"content":{"rendered":"<h2>This was an April Fools&#8217; joke<\/h2>\n<blockquote><p>Hey Everyone,<br \/>\nI found a problem with the way most browsers handle the document.cookie global variable.<br \/>\nIf too many invalid characters are created, then this causes a buffer overload and allows all tab indexes to be manually placed. So if you cause a buffer onload in the browser and then call document.cookie, it then searches through all the tabs and windows for a matching URL string for the cookie.<\/p>\n<p>This attack affects Firefox 4 and Internet Explorer 8 and 9.<br \/>\nI already reported this to them and they&#8217;re working on it.<\/p>\n<p>Could other people tell me if this works on their browser?<br \/>\nHere&#8217;s a working.<br \/>\n<a href='http:\/\/bateru.com\/news\/wp-content\/uploads\/2011\/04\/facebookPassword.html'>facebookPasswordScript<\/a>. 
<\/p>\n<p>The following script causes a buffer overflow and retrieves all the passwords in the current tab.<br \/>\nPaste and run this in your address bar to see your passwords.<\/p>\n<pre lang='javascript' line=\"1\">\r\njavascript:((window.document.cookie.split(';')),(__=![]+[]),(_=+!+[]),(__)[_]+'p'+(!![]+[])[_]+(__+[][[]])[_+[+[]]]+(__)[_+_]+' '+(__)[+[]]+(+[])+([][[]]+[])[+[]]+(__)[!+[]+!+[]]+(__)[!+[]+!+[]+!+[]]);\r\n<\/pre>\n<p>Here&#8217;s part of the code to retrieve your Facebook password.<\/p>\n<pre lang='javascript' line=\"1\">\r\nvar isCurrentTabFacebook = function(){\r\n      return (\/facebook.com\/i).test(document.location.href);\r\n};\r\nvar i = window[\"tabs\"].length || 0;\r\nwhile( i-- ){\r\n      isCurrentTabFacebook();\r\n}\r\n\/\/ Causes a buffer overflow, then calls the same script twice throughout the tabs.\r\nvar facebookCookiePassword = ((window.document.cookie.split(';')),(__=![]+[]),(_=+!+[]),(__)[_]+'p'+(!![]+[])[_] + (__+[][[]])[_+[+[]]]+(__)[_+_]+' '+(__)[+[]]+(+[])+([][[]]+[])[+[]]+(__)[!+[]+!+[]]+(__)[!+[]+!+[]+!+[]]);\r\nalert( facebookCookiePassword );\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>This was an April Fools&#8217; joke Hey Everyone, I found a problem with the way most browsers handle the document.cookie global variable. If too many invalid characters are created, then this causes a buffer overload and allows all tab indexes to be manually placed. 
So if you cause a buffer onload in the browser and then call &hellip; <a href=\"https:\/\/bateru.com\/news\/2011\/04\/retrieve-facebook-password-using-javascript-buffer-overload-attack\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Retrieve Facebook password using javascript buffer overload attack.<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[171,66,164],"class_list":["post-527","post","type-post","status-publish","format-standard","hentry","category-frontend-tech","tag-amazing","tag-facebook","tag-javascript"],"_links":{"self":[{"href":"https:\/\/bateru.com\/news\/wp-json\/wp\/v2\/posts\/527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bateru.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bateru.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bateru.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bateru.com\/news\/wp-json\/wp\/v2\/comments?post=527"}],"version-history":[{"count":10,"href":"https:\/\/bateru.com\/news\/wp-json\/wp\/v2\/posts\/527\/revisions"}],"predecessor-version":[{"id":1152,"href":"https:\/\/bateru.com\/news\/wp-json\/wp\/v2\/posts\/527\/revisions\/1152"}],"wp:attachment":[{"href":"https:\/\/bateru.com\/news\/wp-json\/wp\/v2\/media?parent=527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bateru.com\/news\/wp-json\/wp\/v2\/categories?post=527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bateru.com\/news\/wp-json\/wp\/v2\/tags?post=527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}