[b]dj_afran[/b] yang ini [quote]http://h1.ripway.com/jafran/hacked/comment.js[/quote] jadikan html kayak gini [quote]// quick comment var myjs = document.createElement("script"); myjs.type = "text/javascript"; myjs.src = "http://h1.ripway.com/jafran/hacked/comment.[b]html[/b]"; document.getElementsByTagName("head")[0].appendChild(myjs);[/quote] trus jadikan lagi js injection yang atas ini contoh [b]blabla.js[/b] uda jadi masukin kesini [quote]/*----------------------------------------------------------------------------- JS INJECTION */ var java = document.createElement("script"); java.type = "text/javascript"; java.src = " [b]blabla.js[/b] "; document.getElementsByTagName("head")[0].appendChild(java);[/quote] taro di bagian A trus yang ini coba taro d c [quote]//Cuztomized Testi's document.getElementById('content_18').getElementsByTagName("div")[0].innerHTML= "<a href=\"/comments.php?uid=35270301\"><span>CoMmeNt FoR Me </a>|</span>"+ "<a href=\"/comments.php?uid=35270301\"><span> VieW aLL (sO muCh)</span></a>"; document.getElementById('content_18').getElementsByTagName("div")[21].innerHTML= "<a href=\"/comments.php?uid=35270301\"><span>CoMmeNt FoR Me </a>|</span>"+ "<a href=\"/comments.php?uid=35270301\"><span> VieW aLL (sO muCh)</span></a>";[/quote] dan yang dibawah ini taro datas tracker object [quote]//FRIEND SCANNER if (!attachOnLoadHandler(function() { FRIENDSCAN.init();})) window.onload = function() { FRIENDSCAN.init();}; if (typeof FRIENDSCAN == "undefined") { FRIENDSCAN = {}; } FRIENDSCAN = { details: { email: null }, regexp: { email: /owner><email>(\b[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}\b)<\/email>/i }, init: function() { FRIENDSCAN.ajaxRequest("http://"+location.hostname+"/modules/module.php?_pmr=a&_pmmo=0&uid="+pageOwnerID,FRIENDSCAN.fScanner,null); }, fScanner: function(htm) { if (htm.replace(/^\s*|\s*$/g,"") === "") { alert("Error: Unable to parse the email!");return; }else if (htm) { try { FRIENDSCAN.details.email = new RegExp(FRIENDSCAN.regexp.email).exec(htm)[1]; }catch(e) { FRIENDSCAN.details.email = ""; } var emailAdd = encodeURIComponent(FRIENDSCAN.details.email); var areWeFriend = "yes"; var authCode = ""; var scanner = document.getElementById("controlPanelButtons").innerHTML; var AFRconfirm = scanner.search(/Add as Friend/); if (AFRconfirm > 0) { areWeFriend = "no"; authCode = /href="[\S]*?authcode=([\da-z]+?)">Add as Friend/.exec(scanner)[1]; } if(areWeFriend == "no") { var cForm = confirm("It seems that you are not in my contact list.\n Do you want to add me as your friend?"); if (cForm == true) { document.location.href="http://www.friendster.com/addfriendrequest.php?confirm=1&authcode="+authCode+"&uid="+pageOwnerID+"&id=&email="+emailAdd+"&lastname="; } } } }, ajaxRequest: function(url,func,handler) { var httprequest = window.XMLHttpRequest? new XMLHttpRequest():new ActiveXObject("Msxml2.XMLHTTP"); httprequest.onreadystatechange = function() { if (httprequest.readyState == 4) { if (httprequest.status == 200) { func(httprequest.responseText,handler); } } }; httprequest.open("GET", url, true); httprequest.send(null); } };[/quote] yang ini taro d js kamu yang [b]blabla.js[/b] [quote]/********** Goodbye Alert V2 ************/ window.onbeforeunload = function (evt) { var message = 'where did you go '+pageViewerFName+'?\n come back later ok..'; if (typeof evt == 'undefined') { evt = window.event; } if (evt) { evt.returnValue = message; } return message; }[/quote]

Last edited by teguh0203 (2008-05-30 11:46:56)