MySpace Hacked with CSRF and XSS
By Pete Freitag
It seams that someone recently hacked myspace.com, the ColdFusion powered community site with millions of users.
By the time myspace shut down their site for a few hours to investigate he had over 1 million requests from unknowing myspace members for him to be listed as their myspace friend.
Too bad back in those days they didn't have xss countermeasures like Content Security Policy headers as we do today. It would have limited the damage.
MySpace Hacked with CSRF and XSS was first published on October 13, 2005.
If you like reading about xss, csrf, or security then you might also like:
- Announcing Web Application Firewall for ColdFusion
- csrfVerifyToken does not invalidate the token
- Firefox Aurora now Supports Content Security Policy 1.0
- HackMyCF Scanner Updated
Weekly Security Advisories Email
Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).