MySpace Gets Wormed Again
hax3r.com — Someone found another way to use JavaScript on MySpace and, using a modified version of Samy's original worm, did it again. Hooray for cross-site scripting! Poor Tom, when will he learn to stop using ColdFusion?
- 1231 diggs
- bemaniso, on 10/12/2007, -2/+1: wow, good job myspace should go down the *****.
- gopper, on 10/12/2007, -1/+0: LMAO.. Stupid Myspace.
Get to NuSpace.be .. It's the place to be.
(na.. not yet.. but soon it will be)
Well done MX!
- BugMeNot2, on 10/12/2007, -3/+0: Not as much as that other guy, but 45,000 is still A LOT.
http://www.gamerzplanet.net/forums/t158170-digg-preview.html
- compu73rg33k, on 10/12/2007, -0/+0: w00t keep owning MySpace.
- mikeruiz7, on 10/12/2007, -0/+0: That kicks ass. I hate MySpace but I do like how easy it is for people to listen to your music...
Other than that, worm away.
- tastypastry, on 10/12/2007, -0/+0: Someone needs to shut down myspace
- oculus1857, on 10/12/2007, -0/+0: !!Stupid Question Warning!! If using Coldfusion led to the "Worming" of myspace.com then what programming language or set of programs should they be using? Post and/or flame away digg peeps.
- MattZed, on 10/12/2007, -1/+0: gg, myspace, uninstall.
- QuorumCall, on 10/12/2007, -0/+0: Is he running Vista in that screenshot?
- MonkeyFit, on 10/12/2007, -0/+0: I keep hearing all these people talking ***** about MySpace. I have never been there, and from the sounds of it, don't plan on ever going there. And this worm thing is just hilarious.
- sayitaintjonas, on 10/12/2007, -1/+1: What's everyone's problem with myspace anyway? Does no one else use it to keep up with friends? I assume most people using their time to write worms have few friends anyhow. I mean, it's not the best site ever made, but it's convenient and a lot of people know about it so it makes finding old friends relatively easy.
That's right, I'm pro-myspace, flame away flamers.
- mrkoje, on 10/12/2007, -0/+0: It looks like winxp with a 3rd party theme. Maybe... I haven't seen many vista previews. However, he is clearly using firefox browser.
- Kingmichael, on 10/12/2007, -0/+0: MySpace sucks butt.
- TheNik, on 10/12/2007, -1/+0: Yeah, it's a theme from Deviant Art.
Not only is MySpace using ColdFusion, they are also using Windows Server!
- Dabisu, on 10/12/2007, -0/+0: LMAO, definitely Kingmichael!
- esteban, on 10/12/2007, -0/+0: Looks like he is using a shell, could be bblean -- it is definitely not Vista.
http://bb4win.sourceforge.net/bblean/
- foooey, on 10/12/2007, -1/+3: post is a troll =
cross site scripting has jack to do with the language the app is written in
PHP is as vulnerable as CFML as is vulnerable as ASP etc etc
- tjhanley, on 10/12/2007, -0/+0: it isn't really a CF issue. it is that they allow you to put whatever you want into any text area, CSS, HTML, TEXT. they are probably only checking for keywords like
- tjhanley, on 10/12/2007, -0/+2: it isn't really a CF issue. it is that they allow you to put whatever you want into any text area, CSS, HTML, TEXT. they are probably only checking for keywords like script... they don't think about people putting blank spaces in the middle of their javascript. what he should do is ajax all the content that the users put into their textareas and use.
currenttext=document.createTextNode(ajaxedContent);
then setting the currenttext to the innerTEXT of the div or span (or whatever they are using)...
mycurrent_cell=document.createElement("TD");
currenttext=document.createTextNode(ajaxedContent);
mycurrent_cell.appendChild(currenttext);
row.appendChild(mycurrent_cell);
if they are using tables.
the textNode object doesn't allow any scripting in it. http://www.mozilla.org/docs/dom/domref/dom_doc_ref47.html
learn the DOM Tom...
- jimz, on 10/12/2007, -0/+0: I never said it was a problem with coldfusion. I was just adding a little humor.
- tjhanley, on 10/12/2007, -2/+0: yeah CF is junk... total pig on the serverside.
- ccanni1028, on 10/12/2007, -1/+0: I don't use MySpace. I use Facebook occasionally, but that's it.
- your_mom, on 10/12/2007, -3/+0: teh day some kid gets raped because of myspace, someone will sue and it will be shut down.......only if that day would come.......***** MYSPACE!!!!!!!!!AHHHHHHHHHHHHHHHHHHHHHHH
- TheNik, on 10/12/2007, -3/+0: Actually, I was just noting that CFM is a really bad programming language. :/
- Anth, on 10/12/2007, -1/+0: Hah! They didn't filter for indention! Idiots!
- rk_cr, on 10/12/2007, -0/+0: And this is why I don't like MySpace...
- digital, on 10/12/2007, -1/+0: yes bring this ***** down
- lollerskates, on 10/12/2007, -1/+0: ...That's really what you get for creating a service for whiny emo kids. Now if only they did the same to the crappier livejournals and xanga, I could die happy.
- sych0, on 10/12/2007, -0/+0: well, I'm glad you guys think myspace sucks. It seems everyone's jumping on the bandwagon, but when I checked it out, it looked like *****. Even kevin and alex have pages. ....what the *****. Where did this ***** site come from?
- hyperpasta, on 10/12/2007, -0/+0: I have a MySpace and I hate it. It's a piece of s*** site. I use it simply because everyone else does, so if I used a better one... I can't use it with friends. It's like how I use AIM. Because if I used Y!IM or MSNIM, I couldn't talk to anyone.
- innternal, on 10/12/2007, -1/+1: It's a fact:
Worms love dirt.
- gamer31, on 10/12/2007, -0/+0: why doesn't he post the code
- Ausome1, on 10/12/2007, -0/+0: Ratboy also wormed myspace. Spread to 104 people in one day so far.
- mtsoul, on 10/12/2007, -0/+0: Go to the page that he links. That page has the code.
How come none of my friends use MySpace? Am I not geeky enough?
- dolby, on 10/12/2007, -0/+0: Are you surprised, myspace is owned by Newscorp (fox) did the just kid arrested development? Crash, the damn site. Pings of death go.
- AlmostClever, on 10/12/2007, -0/+0: "teh day some kid gets raped because of myspace, someone will sue and it will be shut down.......only if that day would come.......***** MYSPACE!!!!!!!!!AHHHHHHHHHHHHHHHHHHHHHHH"
Good to see that you are up on current events. You're an idiot.
http://digg.com/links/Girl_murdered_by_man_she_met_on_MySpace
- gamer31, on 10/12/2007, -0/+0: how can you get this to work can't someone just post the working script
- DullesGuy, on 10/12/2007, -0/+0: Facebook FTW.
- gamer31, on 10/12/2007, -0/+0: Someone just post the working script.
- smartguy2045, on 10/12/2007, -0/+0: No more embed though, right?
- hammerattack, on 10/12/2007, -0/+0: Coldfusion is junk, but it has nothing to do with XSS attacks. The same crap would have worked on asp, php, or...*bleck*...perl.
- your_mom, on 10/12/2007, -0/+0: "Good to see that you are up on current events. You're an idiot."
well, i never saw it, jeez. thanks for pointing it out. then y haven't they shut down that piece of ***** they call a website???
- Rain, on 10/12/2007, -0/+0: It looks his theme is BlackMesa?
- spoonzor, on 10/12/2007, -0/+0: "well, i never saw it, jeez. thanks for pointing it out. then y haven't they shut down that piece of ***** they call a website???"
If someone gets stabbed do you blame the knife?
- Mongoose, on 10/12/2007, -1/+0: hahahhahaha. ownage!
- foreplay, on 10/12/2007, -0/+0: wasn't the original hole because of poor handling of code in internet explorer. I remember reading myspace filters the word javascript so he split it up into 2 by javan script. it's very hard for myspace to deal with so it looks like they are limiting the number of possible friends you can have to stop the spread of these worms.
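The point raised by tjhanley and foreplay above, as an added example that is not part of the thread: a substring blacklist accepts a keyword that has been split by a newline, while encoding on output (the string-level counterpart of rendering through a text node) leaves nothing for the browser to parse as markup. The function names and the sample inputs are constructed for illustration.

```javascript
// Added example; all names and inputs below are hypothetical.

// Keyword blacklist of the kind the comments guess at: reject input
// that contains a banned keyword as a literal substring.
function naiveKeywordFilter(input) {
  const banned = ["<script", "javascript:"];
  const lower = input.toLowerCase();
  return !banned.some((word) => lower.includes(word)); // true = accepted
}

// Output encoding: every character that could open a tag or close an
// attribute becomes an entity, so the input is displayed, not parsed.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed, inert sample inputs.
const samples = {
  plain: "hello <b>world</b>",
  literalKeyword: "<div style=\"background:url('javascript:void(0)')\">",
  splitKeyword: "<div style=\"background:url('java\nscript:void(0)')\">",
};

// Compare both defences on one input.
function evaluate(input) {
  const encoded = escapeHtml(input);
  return {
    acceptedByBlacklist: naiveKeywordFilter(input),
    encoded,
    encodedHasMarkup: /[<>"']/.test(encoded),
  };
}

for (const [name, value] of Object.entries(samples)) {
  const r = evaluate(value);
  console.log(name, "| blacklist accepts:", r.acceptedByBlacklist,
    "| encoded:", JSON.stringify(r.encoded));
}
```

The blacklist rejects the literal keyword but accepts the split one; the encoded output contains no markup characters in either case.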
- rayde, on 10/12/2007, -0/+0: the people who are hating myspace obviously aren't meeting interesting people through it.
i can deal with an embedded WMV file here and there if i am also introduced to somebody interesting to meet up with for a show or something.
- DeadlyHunter, on 10/12/2007, -2/+0: DEATH TO MYSPACE!!!!
- poobread, on 10/12/2007, -0/+0: Oh man, i used to go to a forum where this kid was a member.
His Aim sn is "Mx1".
- jimz, on 10/12/2007, -0/+0: Mx has put privacy on and will not accept any more IMs from people not on his buddylist. :)