Music
Essay by 24 • November 5, 2010 • 378 Words (2 Pages) • 1,088 Views
EDITOR'S NOTE: I have posted these hacks in the hopes of publicizing security holes and forcing the networks to close them. Please do not send me email, myspace messages, or friendster messages asking me to spend my free time helping you duplicate this hack. Both Myspace and Friendster have modified their sites enough so that these hacks no longer work. In addition, this article contained far more than enough information to duplicate these hacks (when they worked), and still contains enough information to build similar hacks today. If you do not understand how to make similar hacks, consider doing your own research. If you want my help learning CGI and DHTML/JavaScript, I am available as an independent contractor and instructor at the rate of $60/hr. If you contact me asking for assistance in stealing other people's personal information I will forward your email to the relevant social network's abuse contact person, and recommend that they deactivate your account.
This is the first in a series of articles that expose security flaws in social networks. The two hacks described here are cross-site scripting attacks.
My Friendster profile has a link to my homepage. And my homepage has an embedded iframe in it, which uses a get string to call the "Forward this profile to another user" function of friendster.
In other words, by loading my webpage, your browser loads a page which sends an email to me, via the Friendster service. This email contains: your first & last name, the email you used to sign up to Friendster, your Friendster user-id, and a link which I can use to sign up to Friendster and automatically become your friend. There is no record of this anywhere on your Friendster account; it is totally invisible.
Here's the code in my homepage:
Here's
...
...