"Month of MySpace bugs"

jae
Re: backing up profile

There is an option with Firefox and MySpaceMozilla (I think) that has a 'backup my profile' option. I've never done it, maybe someone else here has?

soopacee
Re: "Month of MySpace bugs"

I agree with foambrush... April Fools' joke

foambrush
Re: "Month of MySpace bugs"

They are posting the bugs on this blog

Ashton
Re: "Month of MySpace bugs"

I'm going to make a quick comment here,

Out of this blog (4/2/07 entry), when you paste in the code in your browser bar:

http://profile.myspace.com/index.cfm?fuseaction=cms.goto&_i=&_u=javascript:document.write(%27<font size=+10 color=%22red%22>http://ha.ckers.org/xss.html</font><p align=center>greetz RSn%61ke!<br><iframe src=http://momby.livejournal.com width=666 height=666></iframe>%27)

You come up with an "Object moved here"

Click that and you are redirected to the original blog site.

At this point the authors are being nice...but the key thing to realize is what is showing up in your browser bar the whole time...which is:

http://profile.myspace.com/

Now, if you write a similar code into a CSS sheet, specifically where the Myspace navigation bar lies, you can code the redirect to look like an official log in page.

and the only thing that stands between you and the phish page is knowing that the browser should read:

http://login.myspace.com/

which

http://profile.myspace.com/

is pretty close.

"A man can stand anything except a succession of ordinary days."
-Johann Wolfgang von Goethe

P.S. Yeah, pretty good trick...
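
A defensive check for the redirect behaviour described in the post above, as an added example that is not part of the original thread or of MySpace's code: it validates the value of a redirect parameter such as `_u` before the server issues the "Object moved" response. The function names and the choice of `profile.myspace.com` and `login.myspace.com` as the allow-list are assumptions for illustration.

```javascript
// Added example: allow-list validation for a redirect parameter such as `_u`.
// ALLOWED_HOSTS and both function names are assumptions, not code from the site.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const ALLOWED_HOSTS = new Set(["profile.myspace.com", "login.myspace.com"]);

// Returns a URL string that is safe to redirect to, or null if it must be refused.
function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0) return null;
  // Refuse control characters and whitespace: URL parsers silently strip
  // some of them, which hides the real scheme from naive string checks.
  if (/[\u0000-\u0020\u007f]/.test(raw)) return null;
  // Same-site relative path: one leading slash only, so the
  // protocol-relative forms "//host" and "/\host" are refused.
  if (raw.startsWith("/")) {
    return /^\/(?![\/\\])/.test(raw) ? raw : null;
  }
  let url;
  try {
    url = new URL(raw); // throws unless raw is an absolute URL
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // javascript:, data:, ...
  if (url.username || url.password) return null;        // allowed-host@other-host
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;    // off-site destination
  return url.href;
}

// Extracts `_u` from a full request URL and validates it.
function redirectFromRequest(requestUrl) {
  const target = new URL(requestUrl).searchParams.get("_u");
  return target === null ? null : safeRedirectTarget(target);
}
```

A `null` result means the request should get an error page or a fixed default destination, never a redirect built from the supplied value.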

Beethoven
Re: "Month of MySpace bugs"

"we don't intend to have too many "real" bugs. Most of what we intend to publish are silly XSS/misleading CSS style bugs"

Style bugs?
Simple XSS?

It doesn't sound like they have anything, and they're waiting for people to send them their bugs.

Compared to the browser bugs which actually crashed browsers and allowed for malicious code to be run.

I don't think we're in for anything majorly destructive, maybe a couple of 'neat' tricks, and one or two filter bypasses... which spammers already have a big heap of anyway.

 Once one has met music, he may never return to speech.
