
Idiotic MySpace Profiles

Sometimes you gotta wonder how many people have no friends. Honestly, I've seen so many of these stupid auto-POST JavaScript vulnerabilities on MySpace, usually doing something really stupid like re-writing your profile or sending a bulletin. Here's one which posts a bulletin for one of the STUPIDEST scams I've ever heard of, just so four losers can have more than 5 friends on MySpace.

 

Idiots.

 

 

My response and then the original message (button disabled and links removed; I wouldn't want to increase their popularity).

From: Pixelated a.k.a. Tyler

Date: Mar 28, 2007 8:38 PM

I'm going to assume this is a POST vulnerability because:

a) No serious company would make this feature only work if you add random members' profiles to your page.

b) MySpace would not use ImageShack for hosting

c) MySpace would use server-side Python, not SWFs

d) Few people who use MySpace would be able to code the HTML for this message.

e) Not many people are actually stupid enough to try this anyways. So I'm 99% sure you didn't intend to post this, and that you have never tried it. -

 

---------------- Bulletin Message -----------------

 

From: *************

Date: Mar 28, 2007 8:31 PM

I just tried it and it works just fine!!
Ever wanted to look at who's viewing your page? Myspace has finally taken out the new feature..all you have to do is add the profiles below! it will trigger the new myspace feature!
step1.
MUST ADD ALL OR IT WONT WORK
Step2.

Must do everything here or it WONT work!

What's sadder is that the users don't seem to realize:
A NUMBER ON A WEBSITE DOES NOT TRANSLATE INTO ACTUAL POPULARITY
Honestly...

Also, I'm working on a program that alerts you to changes to your MySpace (i.e. bulletins, friend requests, etc). I already had one of these set up for myself, but now I need to get it set up to get friend IDs from the username and password provided. Stay tuned...

-Tyler

