You know how when you goto peoples websites it knows your there? That is because of your cookie. Unfortunately that same cookie can also be used for a cross site script basically making you execute commands without your knowledge. I do not what to get into the exact code to make this work but I see people are doing it now.
If you look at my profile on MyBlogLog You will see 2 sites that I did not add.
I wonder if Yahoo could be possibly liable here because basically Yahoo is saying that I said I own these sites… yet I did not…
Check out Jason Calacanis community. Evidently in addition to calacanis.com he also owns and authors seoadwords.com …. right….
So what else can people do with cross site xploits on mybloglog? Oh I think we are just seeing the tip.