Another Mybloglog Exploit – This One A Little More Harmful

You know how when you goto peoples websites it knows your there? That is because of your cookie. Unfortunately that same cookie can also be used for a cross site script basically making you execute commands without your knowledge. I do not what to get into the exact code to make this work but I see people are doing it now.

If you look at my profile on MyBlogLog You will see 2 sites that I did not add.

I wonder if Yahoo could be possibly liable here because basically Yahoo is saying that I said I own these sites… yet I did not…

Check out Jason Calacanis community. Evidently in addition to he also owns and authors …. right….

So what else can people do with cross site xploits on mybloglog? Oh I think we are just seeing the tip.

About The Author

Comments 29

  1. Bradford Knowlton
  2. Ron J
  3. Meg
  4. ShoeMoney
  5. engtech
  6. ShoeMoney
  7. Leonard Chen
  8. dillsmack
  9. dillsmack
  10. Meg
  11. Meg
  12. tony greene
  13. IslandGiRL
  14. Tat
  15. ShoeMoney
  16. Jason Bartholme
  17. Nick
  18. Cygnus
  19. Jack
  20. Lee Bandoni
  21. Bradford Knowlton
  22. HMTKSteve
  23. HMTKSteve
  24. HMTKSteve
  25. Bill
  26. ShoeMoney
  27. Eric Marcoullier
  28. Stu
  29. claude