devz3ro.com
September 09 2010 07:54:23


Working tracker... ?

· devz3ro on August 30 2007 02:17:36
Journal






By devz3ro

Sorry for my absence - I've been working and partying a lot lately, thus a huge lack of updates. I am still alive though, if you were wondering or... care =).

Onto bigger and better things though. I mostly have an audience from the imeem player on myspace. It was a real small project from my perspective, and using scripts that I didn't even code to make it happen made it even smaller.

In my spare time I have read some XSS or cross-site scripting books. There is an XSS 'cheat-sheet' floating around the internet which I stumbled across as I was skimming through this book. I had an idea to combine 2 of the scripts on this cheat sheet (with a little input of my own) in a way that would allow scripts to be run on the current domain, communicating outside of the internal domain even if we aren't permitted to do so (what xss is =]). I passed along my theory to a friend that has more knowledge in this area than myself. He set up a temporary php/mysql server to see if he could use this 'obfuscated' code on current online networks - such as friendster, myspace, imeem, facebook, xanga etc. The script he was using was basically a 'cookie-stealer'. While this sounds funny, it's actually very bad (I'm not going into why). His results came back positive for all except facebook.

My options were the following:

#1. try to get this published in an 'updated' cheat-sheet.
#2. contact a friend I have who works for securityfocus.com.
#3. just release it to the public.

I chose option #2. While having it published sounds good, I would never be credited. Releasing it to the public would just cause abuse from webmasters and those seeking an easy 'buck' - having it patched on all networks immediately.

While securityfocus.com really doesn't bother with such 'small-and-easily-patchable-vulns' like this, I still wanted to see what they have to say about it. Who knows, maybe I could be mentioned in an article if they ever wrote one.

-Mathieu
