WebApp Sec mailing list archives

Re: myspace hack


From: Chris Varenhorst <varenc () MIT EDU>
Date: Thu, 13 Oct 2005 09:38:33 -0400 (EDT)

Oh wow I'm wrong, I'm apparently thinking of current myspace bots which do
as I described.  It looks this was in fact made possible by an XSS
vulnerability.
Sorry

On Thu, 13 Oct 2005, Chris Varenhorst wrote:

This isn't hacking at all. (at least not what I'd call it)
This is writing a script to go through myspace IDs (which happen to be
squential) issuing friend requests to every one of them.  To prevent
this, now myspace limits friend requests to a certain number per day.
Hope that covers it!

-Chris

On Thu, 13 Oct 2005, Akash wrote:

Does anyone has more technical details about how 1 million accounts
got hacked in about 24 hours.

This is the supposed confession of the hacker
http://fast.info/myspace/

I currently studying for CEH and just finished reading about XSS. So
this is of special interest.

regards

akash



Current thread: