HTML stuff

[jon the noob]

I was on myspace in a group. I assume myspace is rather easy to hack.. (look at all the phishing). This guy managed to post a big FAIL picture over what someone else wrote.. and i was just wondering how this sort of thing is achieved?

I'm not asking how you do it, so much as what kind of stuff(code w/e ) do you use to do it, etc,

anyone get what im saying?

 

[Steff]

Probably was stupid enough to stick their password somewhere they shouldnt of, and the guy whacked the picture on most likely through HTML (not entirely sure how myspace works..) I would assume just found a hole in the codeing and whatnot

 

[0x0161]

Myspace Clone Script SQL Injection Vulnerabilitys

http://milw0rm.com/exploits/4622 11/13/2007

&

http://milw0rm.com/exploits/4585

MySpace Resource Script (MSRS) 1.21 RFI Vulnerability (10-29-2007)


Myspace = Hackers Haven.

 

[jon the noob]

http://milw0rm.com/exploits/4622 11/13/2007

&

http://milw0rm.com/exploits/4585

MySpace Resource Script (MSRS) 1.21 RFI Vulnerability (10-29-2007)


Myspace = Hackers Haven.

could you try to explain that to me? like how you use it

 

[Cx]

it's probably patched if it's released, it's really just figuring out how to insert your code and have it slip by their filters. an example is if they block out javascript via stripping out the word javascript or whatever you could try something like this

instead of
<script language="javascript">

try

<script language="java
script">

notice the line break. some parsers won't pick it up and compilers will ignore it. it's a simple technique. btw most methods released to the public are patched, so it's up to you to figure out how or get connected with people who make 0days.

plz don't be another troll, that's all i ask

 

[jon the noob]

it's probably patched if it's released, it's really just figuring out how to insert your code and have it slip by their filters. an example is if they block out javascript via stripping out the word javascript or whatever you could try something like this

instead of
<script language="javascript">

try

<script language="java
script">

notice the line break. some parsers won't pick it up and compilers will ignore it. it's a simple technique. btw most methods released to the public are patched, so it's up to you to figure out how or get connected with people who make 0days.

plz don't be another troll, that's all i ask

hey man thanks for the answer
and ill try not to be a troll sorry if i broke a rule in doing this