Noobz: ** 1/2 LOLz: ********* 0wnz: * 1/2
Due to a lack of Referer checking or any other form of request validation on the signout action, an attacker may cause Myspace users to end their sessions at will.
Ultimately, an attacker needs to get a user to visit the following URL to be logged off: http://collect.myspace.com/index.cfm?fuseaction=signout. Because there is no origin checking, however, the attacker may cause the user's browser to request that URL through any kind of browser request, including background requests. Thus, for example, by configuring a web server's 404 error handler as a redirect to that URL, an attacker may embed a non-existent image that triggers the session-ending GET request.
Example tag: a tag such as <img src="http://momby.phpnet.us/myspace/noimageforyou.jpg"> may be embedded anywhere user-controlled content is rendered, and may be targeted at particular users through blog comments, messages, etc.
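The following is an added example and not Myspace's code: a minimal model of the GET signout endpoint the advisory describes, which honours any request that carries the session cookie, placed beside a hardened version that only ends a session on a POST from the site's own origin carrying a per-session CSRF token. The Request class, the SITE_ORIGIN value, the attacker.example Referer and the sample requests are all constructed for illustration.

```python
"""Vulnerable GET logout vs. hardened logout (origin check + CSRF token).
Constructed example; names, paths and sample requests are assumptions."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://collect.myspace.com"   # assumed origin of the application


@dataclass
class Request:
    """Minimal model of an HTTP request as the application sees it."""
    method: str
    path: str
    query: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def new_session(sessions, user):
    """Create a session; the CSRF token is random and bound to that session."""
    sid = secrets.token_urlsafe(16)
    sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def vulnerable_signout(req, sessions):
    """The pattern in the advisory: any request carrying the session cookie to
    index.cfm?fuseaction=signout ends the session, whoever triggered it."""
    sid = req.cookies.get("sid")
    if (req.path == "/index.cfm" and req.query.get("fuseaction") == "signout"
            and sid in sessions):
        del sessions[sid]
        return 302                        # redirect to the logged-out page
    return 404


def request_origin(req):
    """Origin header if present, else scheme+host of the Referer, else None."""
    if "Origin" in req.headers:
        return req.headers["Origin"]
    ref = req.headers.get("Referer")
    if ref:
        p = urlsplit(ref)
        return f"{p.scheme}://{p.netloc}"
    return None


def hardened_signout(req, sessions, site_origin=SITE_ORIGIN):
    """State change only via POST, from our own origin, with a valid token."""
    sid = req.cookies.get("sid")
    if sid not in sessions:
        return 401
    if req.method != "POST":
        return 405                        # an <img> tag can only issue a GET
    if request_origin(req) != site_origin:
        return 403                        # cross-site or no origin: fail closed
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, sessions[sid]["csrf"]):
        return 403                        # token missing or not this session's
    del sessions[sid]
    return 302


def forged_image_request(sid):
    """Constructed: the background GET a victim's browser sends once a broken
    <img> on another site is redirected to the signout URL. The session cookie
    is attached automatically; the Referer names the other site, not ours."""
    return Request("GET", "/index.cfm", query={"fuseaction": "signout"},
                   headers={"Referer": "http://attacker.example/page.html"},
                   cookies={"sid": sid})


def legitimate_logout_request(sid, token):
    """Constructed: the site's own logout form being submitted."""
    return Request("POST", "/index.cfm", query={"fuseaction": "signout"},
                   form={"csrf_token": token},
                   headers={"Origin": SITE_ORIGIN}, cookies={"sid": sid})


def demo():
    """(vulnerable status, hardened forged status, session survived?, legit status)."""
    vuln_sessions, hard_sessions = {}, {}
    v_sid = new_session(vuln_sessions, "alice")
    h_sid = new_session(hard_sessions, "alice")
    v = vulnerable_signout(forged_image_request(v_sid), vuln_sessions)
    h_forged = hardened_signout(forged_image_request(h_sid), hard_sessions)
    survived = h_sid in hard_sessions
    h_legit = hardened_signout(
        legitimate_logout_request(h_sid, hard_sessions[h_sid]["csrf"]), hard_sessions)
    return v, h_forged, survived, h_legit


if __name__ == "__main__":
    print(demo())   # (302, 405, True, 302)
```

The three checks are deliberately layered: requiring POST alone defeats the image trick, but a cross-site auto-submitted form still reaches the handler, which is why the origin check rejects it, and the session-bound token covers the case where neither Origin nor Referer is sent (the check fails closed rather than trusting a headerless request).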
It's important to note that automated log-outs are not the only application of CSRF attacks.
Credit: AwEsOmE AnDrEw specifically reported the .htaccess-enabled attack for silently logging out users, and earned a pile of extra LOLs thanks to this vector (for the specific .htaccess syntax provided, see http://momby.phpnet.us/myspace/.htaccess).