M.O.M.B.Y! (momby) wrote,

MOMBY-00010100: Myspace Bug Potpourri

Advisory MOMBY-00010100: Myspace Bug Potpourri
Noobz: .*
LOLz: .*
0wnz: .*

Today is the last day of the Month of Myspace bugs. We disclosed 19 bugs this month, about 14 of which were fixed within a day or two of publication, which demonstrates two interesting facts: a) the Myspace web design and security groups can fix bugs if they care to, and b) the Myspace web design and security groups tend to fix bugs if they're presented in an easy-to-read and high-profile "Month of" format.

Anyway, here are the rest of the submissions that we didn't get to, in glorious unedited plain text. That means that we do not offer any sort of advice on how to reproduce these, nor do we offer any sort of independent validation of the quality of the bugs, or even so much as a spellcheck.

Thanks to MustLive, rMrGvG, Awesome AnDrEw, RSnake, teh_commodore, Synthetic, and everyone else, credited or not, for submitting bugs. We, quite literally, wouldn't have done it without you! And also thanks to Six Apart and the wonderful staff at LiveJournal for taking this all in stride and not being giant dicks. Extra thanks to rMrGvG for translation for my favorite people on Earth, the Mighty Spaniards, originators of the deadliest flu bug ever seen!

Finally, thanks to the readers, especially the haters. You guys made us laugh, and laugh, and laugh. April Fools, suckers!


MOMBY-00010100a: Myspace Flag Overlay Spammer Trick

Credit: Technocrat

MOMBY-00010100b: Myspace Unprintable Password Permanent Account Control

Credit: Awesome AnDrEw

MOMBY-00010100c: Myspace Embedded Flash Javascript/ActionScript XSS

Credit: Lonewolf / OwnedSpace

MOMBY-00010100d: Myspace Profile Redirect

Credit: Tymm

MOMBY-00010100e: Myspace Permanent Message Archival

Credit: c

MOMBY-00010100f: Myspace MP3 theft

Credit: Spas

MOMBY-00010100g: Myspace Jobs Search Locale XSS

Credit: rMrGvG

MOMBY-00010100h: Myspace Groups HTML Element Injection

Credit: rMrGvG

MOMBY-00010100i: Myspace Profile HTML Element Injection

Credit: rMrGvG

MOMBY-00010100j: Myspace Bulletin HTML Insertion

Credit: rMrGvG

MOMBY-00010100k: Myspace Blog Background Image XSS

Credit: Paul_Smells aka Sinclair

MOMBY-00010100l: Myspace mp3downloader MP3 Theft

Credit: Jon

MOMBY-00010100m: Myspace mp3downloader MP3 Theft

Credit: Awesome AnDrEw

MOMBY-00010100n: Myspace Random Image Viewer

Credit: skinnyCorp

MOMBY-00010100o: Myspace Profile Reset

Credit: Anonymous

MOMBY-00010100p: Myspace Preferred Language Reset

Credit: Anonymous

MOMBY-00010100q: Myspace Domain Generalization Design Error

Credit: Wladimir

MOMBY-00010100r: Myspace Patched XSS

Credit: rMrGvG

MOMBY-00010100s: Myspace Shouthacking Vector

Credit: Anonymous

MOMBY-00010100t: Myspace CSS "@import" XSS

Credit: luoluo

MOMBY-00010100u: Myspace Messaging XSS

Credit: rMrGvG

MOMBY-00010100v: Myspace Messaging XSS

Credit: TX

MOMBY-00010100x: Myspace Instant Messenger Unfiltered Flash

Credit: Awesome AnDrEw

MOMBY-00010100y: G4TV Month Of Myspace Bugs Article XSS

Credit: Mondo Armando

MOMBY-00010100z: Unknown Myspace Vulnerability

Credit: Unknown

MOMBY-00010100!: Unproven Myspace Undeletable Comment

Credit: Anonymous

MOMBY-00010100@: Myspace Top Friends Bug

Credit: Anonymous

MOMBY-00010100#: Myspace MYUSERINFO Alteration (User Impersonation)

Credit: Anonymous

MOMBY-00010100$: Myspace Message Privilege Violation

Credit: Anonymous

MOMBY-00010100%: Myspace Vulnerable Feeling Form

Credit: Anonymous
Tags: lots and lots of bugs