WebApp Sec mailing list archives
Re: myspace hack
From: Chris Varenhorst <varenc () MIT EDU>
Date: Thu, 13 Oct 2005 09:38:33 -0400 (EDT)
Oh wow I'm wrong, I'm apparently thinking of current myspace bots which do as I described. It looks this was in fact made possible by an XSS vulnerability. Sorry On Thu, 13 Oct 2005, Chris Varenhorst wrote:
This isn't hacking at all. (at least not what I'd call it) This is writing a script to go through myspace IDs (which happen to be squential) issuing friend requests to every one of them. To prevent this, now myspace limits friend requests to a certain number per day. Hope that covers it! -Chris On Thu, 13 Oct 2005, Akash wrote:Does anyone has more technical details about how 1 million accountsgot hacked in about 24 hours. This is the supposed confession of the hacker http://fast.info/myspace/ I currently studying for CEH and just finished reading about XSS. So this is of special interest. regards akash
Current thread:
- myspace hack Akash (Oct 13)
- Re: myspace hack Stephen de Vries (Oct 13)
- Re: myspace hack Chris Varenhorst (Oct 13)
- Re: myspace hack Chris Varenhorst (Oct 13)
- <Possible follow-ups>
- RE: myspace hack Griffiths, Ian (Oct 13)
- Re: myspace hack rSYN (Oct 13)
- RE: myspace hack Reynolds, Jake (Oct 14)
- Re: myspace hack Stephen de Vries (Oct 14)
- RE: myspace hack Radoslav Vasilev (Oct 14)
- RE: myspace hack Andrew Chong (Oct 14)
- Re: myspace hack Stephen de Vries (Oct 14)
- Re: myspace hack Tim Brown (Oct 14)
- Re: myspace hack bugtraq (Oct 14)
- Re: myspace hack Tom Gallagher (Oct 14)
(Thread continues...)