Two Hackers Plan to Disclose MySpace Vulnerabilities
Two hackers have initiated a campaign to highlight MySpace vulnerabilities. This campaign hopes to make a greater splash than the January month of Apple bugs. The hackers admitted that the campaign started off rather slowly.
The hackers named Mondo Armando and Mustaschio stumbled on the vulnerabilities when they selected MySpace to carry out their project because the site has a large number of visitors. They said they had informed MySpace about their project. TECHWORLD published the hackers' statement on April 2, 2007.
The hackers said that during the next few weeks, they would disclose a number of bugs including cross-site scripting (XSS) flaws and others that allow unauthorized access to profiles of the site users.
At the start of the initiative the couple used a popular vulnerability that reflected the very characteristics of MySpace. Users could use cascading style sheet (CSS) language to edit their profiles as well as customize its URL. This could allow hackers to create profiles resembling the site's login page and use a seemingly authentic URL to dupe users into divulging their credentials.
On April 2, 2007 the hackers uncovered vulnerability within the "cms.goto" application featuring on "profile.myspace.com". It occurs due to the absence of input-validation and that can cause an XSS assault.
CTO of WhiteHat Security, Jeremiah Grossman told SCMagazine.com on April 2, 2007 that the project underscored the flaw of a large number of sites displaying on the World Wide Web. In any case, hackers would tend to exploit MySpace vulnerabilities, as there are 130 million members on the site. Hackers frequently target MySpace, as by hacking a single account it could help to access numerous other users' accounts that they could infect with malware or attack with spam.
Related article: THE SPAM MAFIA
» SPAMfighter News - 10-04-2007