Myspace Exploit!

I wrote the below about 3 months ago (mid july) and published it, but a day later decided to remove the post from my blog – one such exploit like this that was found before took myspace offline for a few hours. It appears myspace have now fixed (well, partly..) the issue I’ve documented here, so I now consider it safe to publish.

Seems I’ve foudn a way of exploiting a hole in myspace’s XSS filters!

Myspace block all kinds of common XSS exploits from your profile, however, I’ve found a way around it! I did email them explaining that I took 2 hours trying to find it, and asking if they offered any incentive to report it to them – but I didn’t hear back. I guess I might as well publish it then…

<div <img />
href="#" onmouseover="alert('moo')">w00t</div>

Using that foothold, I’m sure there’s many things you could do….

3 thoughts on “Myspace Exploit!”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.