January 2008

Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Categories

Add me to your TypePad People list
Subscribe to this blog's feed

Recently Updated Weblogs

Blog powered by TypePad
Member since 11/2006

« We're back, baby... | Main | Don't Blinkx twice? It's alright. »

2008.01.20

Actual MySpace URL pedo exploit still alive and kicking. Nobody really cares.

Msp User videos on MySpaceTV that are not individually made 'private' - but still behind a private profile barrier - are accessible to anyone by fiddling with the URL minimally.

This is identical to the image exploit that was plugged up earlier this year by the Space staff.  Kudos, we guess?  But wouldn't videos be actually worse than images for the lonely mouth breathers to get all hot n bothered over? 

Don't believe me?  Try it yourself.

Step one: Find a private profile.
Step two: Navigate to an accessible videos page for a user who is your friend or who simply has everything out in the public.
Step three: Paste in the friend ID of the person who has their profile set to private.

Even if they don't have any videos posted, you are now partially behind their privacy screen.  If they DO have videos posted, you can view them to your hearts content.

ZOMGPWN! will monitor this one and report on any fixes.  However until a larger site picks this up, we suspect that nothing will change.

Posted by ZOMGPWN! on 2008.01.20 at 02:38 PM in Current Affairs, Socialz, Teh Intrawebs, Video, Web/Tech |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/t/trackback/1129069/25309512

Listed below are links to weblogs that reference Actual MySpace URL pedo exploit still alive and kicking. Nobody really cares.:

Comments

Post a comment

Pages

I CAN HAZ

SCRILLA, PLZ?

Tip Jar