October 14, 2005

MySpace hacked for fun and chicks

Anonymous Reader writes "Article from BetaNews: "One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community." There are other accounts of the incident here and here, including the source code. Judging from the payload, it looks like MySpace got off easy. What if the payload was used to alter the user's data (delete/rewrite their profile, rearrange friends, post spam, upload porn, delete pictures, etc.)? Hosing all the data in the database. Now imagine if something like this took place on, say, eBay, Salesforce.com, or GMail."

Link: betanews.com


  • Security
