Web Application Security Consortium - Web hacking Incidents Database (WHID)

Contributors

Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security ) [Project Leader]

The Web Hacking Incidents Database
Last update:07 November 2007

Incident WHID 2005-51

Full List
By Class
By ID

1999
2000
2001
2002
2003
2004
2005
2006
2007

RSS
Statistics
Blog
FAQ
About

WHID

WHID 2005-51: Critical MySpace Vulnerabilities Leave Every Active Account Exploitable

Date: 05 December 2005
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Abuse of Functionality, Cross-site Scripting

An XSS when receiving notification of an incoming IM message. Additionally it is possible to send an IM message to somebody who has blocked such messages by pretending to be answering a message from him.

References:

Critical Myspace Vulnerabilities Leave Every Active Account Exploitable [Silent Productions]

This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.