A guy named Samy noticed a flaw in MySpace that doesn’t validate the user input. As a result, malicious javascript is allowed to pass through. Instead of reporting it to MySpace, he decided to make himself popular.
One of the features of MySpace lets you name your heroes. Samy wants to be everyone’s hero. So this is what his dirty script do: someone who views his profile would automatically add Samy as their friend and his name into their profile’s list of heroes. In addition to that, those victims will then carry the malicious javascript to infect others when their profiles are viewed are more people.
In other words, Samy has just created a worm at MySpace. As a result, he is now friends to a million MySpace users, and that’s something achieved in less than 20 hours.
You can view his confession here. Via Digg.
Cross-posted at Techdigger.
0 Responses to “MySpace hacked”