kinematictheory.phpnet.us — As the title says, this is how the myspace SWF hack/hijack worked. There's no ads, and this isn't a blog - just a page I quickly made explaining what I found about the hack, also note that I didn't create the hack. I just found it interesting :) This is hosted on a random free host, which may die at any point - offers of hosting are welcome!
Jul 16, 2006
Closed Account Jul 17, 2006
Myspace is for nubs anyways...
tbeseda Jul 17, 2006
you're the creeper who doesn't want a whole article so that you can start gathering info w/o publicity about the exploit.
ryandle Jul 17, 2006
@beercosoftware easy there buddy, the worldwide financial turmoil bit was a little far fetched...
geronimo Jul 17, 2006
wow, so they can use getUrl to bypass ajax security. Looking at the getUrl docs, it seems it's highly insecure and allows you to access any URL. That's pretty scary. It seems like flash security is swiss cheese, there are so many possibilities there for anyone with a devious mind. I know of a certain person who found a way to open up pop windows via flash + javascript, I think that was patched after he did that. Adobe should be ashamed of their beast.
kinematic Jul 17, 2006 Submitter
I think, just maybe, he was offering hosting to me... ravan: thanks but no thanks, the hosting seems to be holding fine for now. Also, I've gotten a fair few offers of hosting from various people - including some sites that I read! Thanks very much to all, if this decides to die, I'll probably take someone up on their offer.
hzmp32001 Jul 17, 2006
I am a big fan of Firefox. Like many other comp. geeks my system runs 24/7. I leave my myspace open 24/7... That is until Firefox started consuming 100% CPU after sitting for a few hours. Haven't done any research into why. Surely someone else has run into a similar issue and addressed it by now. My Netscape email crashes Firefox after an expired session too (switching to GMail). I tend to blame these type issues on poor coding on the part of the website, but Firefox should/could do better at handling them. I don't get either of these issues in IE6 (of course I don't get tabs either).
nphp20 Jul 21, 2006
I'm not sure about this exact code, but I know my friends and I posted comments on people's myspaces with embedded swf files. The swf file just redirected them to a fake login page where they gave us their password and username. When they pressed submit, it was written to a file called out.txt on our server and they were sent back to a real myspace login page telling them they entered a wrong password.
beacon11 Aug 7, 2006
" View -> Source. Anyone with any knowledge of HTML will tell you it's horrid, and if the HTML is so bad, one can only imagine what the back-end stuff is like. Ever wonder why it's so slow and throws up errors to the user so often? "... I know I'm quite a bit behind on commenting this subject, but I just wanted to point out that looking at the source HTML tells the reader nearly NOTHING about the coding habits of the original coders. The javascript printed all over the place is a little nasty, granted, but how the actual HTML is laid out gives no insight to how the site was actually coded! I've coded for a LONG time, using PHP and Ruby, mainly, and I would be the FIRST to say that no matter how neatly I code a site, if it's even MINUTELY complex, by the time the code I wrote prints HTML, it could very well indeed not be orderly. Keep in mind that HTML is the Lowly Underling of languages, wait... I can't call it that. It's a browser manipulation, and the last thing it needs to be is orderly. Sure, HTML requires certain things to be in a certain order, and that order has to be followed to maintain a successful cross-browser website, I know from experience that there are special codes that write pieces of the HTML FOR you, and putting those together is like putting a puzzle together while it's laying face-down. It may go together, but it may not be pretty. Of course, all of these points were made relatively useless, as the myspace coders generally sucked, and I have no plan of deviating from that obviously popular idea. They did, they really screwed up here. It's easy to parse out certain phrases, and I've actually complained to them about it before, when I saw an embedded script redirecting to a hardcore porn site. They sent me a message back saying "we've found nothing wrong with this person's profile." I sent them a message back telling them I was disappointed in their opinion, and they basically told me to go screw myself. Myspace disappoints me.
himself Aug 25, 2006
It's disappointing that this wasn't attempted sooner. Over a year ago I enabled some younger relatives to play longer background music by chaining SWF... and used tiny SWF to redirect pages. This, however, is delightfully nefarious! I'm no myspace fan.
ninewest Aug 2, 2007
How to work it in Firefox? http://www.nine-west-shoes.net/
liam369 Aug 6, 2008
http://www.myspace.com/theghostofliam ADD ME!