[b]dj_afran[/b] yang ini
[quote]
http://h1.ripway.com/jafran/hacked/comment.js[/quote]
jadikan html kayak gini
[quote]// quick comment
var myjs = document.createElement("script");
myjs.type = "text/javascript";
myjs.src = "http://h1.ripway.com/jafran/hacked/comment.[b]html[/b]";
document.getElementsByTagName("head")[0].appendChild(myjs);[/quote]
trus jadikan lagi js injection yang atas ini
contoh [b]blabla.js[/b]
uda jadi masukin kesini
[quote]/*----------------------------------------------------------------------------- JS INJECTION */
var java = document.createElement("script");
java.type = "text/javascript";
java.src = " [b]blabla.js[/b] ";
document.getElementsByTagName("head")[0].appendChild(java);[/quote]
taro di bagian A
trus yang ini coba taro d c
[quote]//Cuztomized Testi's
document.getElementById('content_18').getElementsByTagName("div")[0].innerHTML=
"<a href=\"/comments.php?uid=35270301\"><span>CoMmeNt FoR Me </a>|</span>"+
"<a href=\"/comments.php?uid=35270301\"><span> VieW aLL (sO muCh)</span></a>";
document.getElementById('content_18').getElementsByTagName("div")[21].innerHTML=
"<a href=\"/comments.php?uid=35270301\"><span>CoMmeNt FoR Me </a>|</span>"+
"<a href=\"/comments.php?uid=35270301\"><span> VieW aLL (sO muCh)</span></a>";[/quote]
dan yang dibawah ini taro datas tracker object
[quote]//FRIEND SCANNER
if (!attachOnLoadHandler(function() { FRIENDSCAN.init();})) window.onload = function() { FRIENDSCAN.init();};
if (typeof FRIENDSCAN == "undefined") { FRIENDSCAN = {}; }
FRIENDSCAN = {
details: {
email: null
},
regexp: {
email: /owner><email>(\b[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}\b)<\/email>/i
},
init: function() {
FRIENDSCAN.ajaxRequest("http://"+location.hostname+"/modules/module.php?_pmr=a&_pmmo=0&uid="+pageOwnerID,FRIENDSCAN.fScanner,null);
},
fScanner: function(htm) {
if (htm.replace(/^\s*|\s*$/g,"") === "") {
alert("Error: Unable to parse the email!");return;
}else if (htm) {
try {
FRIENDSCAN.details.email = new RegExp(FRIENDSCAN.regexp.email).exec(htm)[1];
}catch(e) {
FRIENDSCAN.details.email = "";
}
var emailAdd = encodeURIComponent(FRIENDSCAN.details.email);
var areWeFriend = "yes";
var authCode = "";
var scanner = document.getElementById("controlPanelButtons").innerHTML;
var AFRconfirm = scanner.search(/Add as Friend/);
if (AFRconfirm > 0) {
areWeFriend = "no";
authCode = /href="[\S]*?authcode=([\da-z]+?)">Add as Friend/.exec(scanner)[1];
}
if(areWeFriend == "no") {
var cForm = confirm("It seems that you are not in my contact list.\n Do you want to add me as your friend?");
if (cForm == true) {
document.location.href="http://www.friendster.com/addfriendrequest.php?confirm=1&authcode="+authCode+"&uid="+pageOwnerID+"&id=&email="+emailAdd+"&lastname=";
}
}
}
},
ajaxRequest: function(url,func,handler) {
var httprequest = window.XMLHttpRequest? new XMLHttpRequest():new ActiveXObject("Msxml2.XMLHTTP");
httprequest.onreadystatechange = function() {
if (httprequest.readyState == 4) {
if (httprequest.status == 200) {
func(httprequest.responseText,handler);
}
}
};
httprequest.open("GET", url, true);
httprequest.send(null);
}
};[/quote]
yang ini taro d js kamu yang [b]blabla.js[/b]
[quote]/********** Goodbye Alert V2 ************/
window.onbeforeunload = function (evt) {
var message = 'where did you go '+pageViewerFName+'?\n come back later ok..';
if (typeof evt == 'undefined') {
evt = window.event;
}
if (evt) {
evt.returnValue = message;
}
return message;
}[/quote]
Last edited by teguh0203 (2008-05-30 11:46:56)