Hilarious!
Quick, somebody setup a site with a cross reference to everyone!
I wanna be Matt Cutts, no Darren Rowse, no, Greg! Ya Greg B.

Holy crap that’s so awesome.

all you have to do is look at there avatars to get there ssid numbers

Hacking MBL is a sport for Jeremy.

To be honest its not even a challenge and I would not really call these hacks just more like fun tricks. I am glad they showed us the way to point out these things is publicly. Its much more fun.

Ouch. Just, ouch.

Well I see you added my name to the list. If my wife finds my profile on a porn blog, you can do the explaining!

These guys are really having a bad week

[...] Shoemoney has the scoop [...]

ShoeMoney mentioned it above.. but to clarify:

To get someone’s MBL id just go to a page with MBL avatars being displayed:

http://www.mybloglog.com/buzz/members/rafer/

Right-click the avatar you want, and click View or Copy Location.

Then you have a url ending in: 2005030322105594_avatar.jpg

The string of numbers is the SID.

Hey MyBlogLog idiots: at the very freaking least, obfuscate between the private key (member SID) and the very public avatar key.

[...] MyBlogLog widget as somebody else. now this is a flaw that really needs to get fixed right away and thanks should go out to Shoemonkey for finding it but really did you then need to provide a list of bloggers for people to [...]

You’re scary sometimes, you know that, right?

Hey, can y’all verify for me that this has been patched? Thanks!

Nope. Not even close.

I am still surfing as shoemoney here!

[...] Jeremy of ShoeMoney shows how you can surf the web as other MyBlogLog members. [...]

Hey Blue — can you tell me which site you’re on that shows you as Shoe? It’s possible that one of our scripts didn’t get upgraded and it would be great to know where you’re seeing this.

[...] how to hack mybloglog via Jason. [...]

mysql> use mybloglog
Database changed
mysql> select count(*) from member;
+----------+
| count(*) |
+----------+
| 67514 |
+----------+
1 row in set (0.01 sec)

mysql> select * from website order by rand() limit 10;
+------------------+----------------------------------------+
| uid | url |
+------------------+----------------------------------------+
| 2007021222173114 | blog.yam.com/tpsei |
| 2007010901144612 | http://www.mychristiannetwork.com/blog/mcncyo |
| 2007012019374188 | http://www.everythingmining.com |
| 2006090810070427 | dncrx.spaces.live.com |
| 2006112003035485 | http://www.ideamimarlik.net |
| 2006102622225563 | http://www.askrackmountranger.com |
| 2007010614392550 | sassygirladventures.blogspot.com |
| 2006041613491844 | http://www.usarchy.com |
| 2007010901394997 | http://www.gomojo.info |
| 2006110814400659 | blog.crankingwidgets.com |
+——————+—————————————-+
10 rows in set (0.49 sec)

[...] ShoeMoney zeigt, wie man durch das Web per MyBlogLog als Michael Arrington oder Jason Calacanis surfen kann (oder auch als jemand anderes…). Hat Ihnen der Artikel gefallen? Abonnieren Sie doch meinen Feed! [...]

lol you scraped there whole site and put it in your db?

Hilarious…the MBL guys needs some makeover now.

Man, you scraped the whole site?!? You should have just waited a few weeks for the API.

-T

[...] [Via: ShoeMoney] [...]

Welcome to the big leagues.

LOL this should be fun to play with I hope mybloglog is watching your blog jeremy so they can fix this issue.

M*tha F*ckin Genius! You the man Shoe! I want to be your Padawan Learner so I can be come the next Shoemoney Jedi Pimp!

Now you can build your own site, with a ton of ringtone ads. Same content, same images, but more ads, and more money.

This is slowly becoming the end of MBL as we once knew it back in 06.

[...] « MyBlogLog Trick - How To Surf The Web As ShoeMoney [...]

That’s a real shame - they really didn’t benefit from banning you. If anything, they’ve drawn more attention to their faults without eliminating the true problem - their site.

There’s probably a lesson here though. Whenever you’re going to “stick it to the man”, put it on a fake myspace site and just link to that!

Have a great day!

Kumiko (although my mybloglog avatar may be John Chow)

[...] Shoemoney has been messing with security flaws in MyBlogLog and posting about them. MyBlogLog got fed up and [...]

That’s really scary. How did this system go live that way?
Anyways, I think they fixed it. Right now if I try this, once I go to MyBlogLog the sid is changed again.

[...] who might want to be Danny Sullivan or Jeremy Zawodny could have used a tip Schoemaker published to do that with MyBlogLog. The Yahoo-owned blogging community service used [...]

[...] is prefaced with my user id seems to be present. Perhaps they have since fixed the problem that ShoeMoney discussed a couple days ago, but banning him for making the issue public is unnecessary. They have essentially banned one of [...]

Loren Baker - 2006120114424866

LOL!

[...] seems to involve Shoemoney’s figuring out to masquerade as other “people” by altering your cookie to match another individuals’ unique MBL ID — and furthermore, decided to publish a list of famous bloggers’ IDs for folks to [...]

I wish I had never signed up to MBL now….

[...] has posted various exploits in the past, but it wasn’t til this latest one that Yahoo! decided enough was enough. The exploit he posted about was how you could surf the web [...]

[...] has been written about the “Shoemoney Affair,” in which the blogger known as Shoemoney wrote about a MyBlogLog hack that allowed unscrupulous types to spoof their identities, and was subsequently [...]

[...] Shoemoney has been a thorn in their side, calling them out on their shortcomings. When he finally exposed a security flaw and showed people how to visit blogs as other MyBlogLog users, MyBlogLog banned [...]

[...] has posted various exploits in the past, but it wasn’t til this latest one that Yahoo! decided enough was enough. The exploit he posted about was how you could surf the web [...]

Scary stuff. Hey, Shoe…will you visit my blog 10 times please? I need some help.

The exploit could hurt others reputations maybe, but otherwise you’re just freely advertising for them.

[...] about these issues was ShoeMoney. He was pointing out flaws and also pointed out a way people could surf the web pretending to be any member of MyBlogLog they wanted. This action got him banned from MyBlogLog. This caused [...]

Ouch. These guys need to get it together.

[...] came a number of people looking use MyBlogLog for financial gains. From R-Rated avatars to people pretending to be somebody else to other commercial avatars like Mr. Online Pharmacy, there has been a glut of [...]

They need some real help over there, horrible programming.

[...] I can’t do a post on MyBlogLog holes without mentioning Shoemoney’s from a few weeks [...]

[...] I can’t do a post on MyBlogLog holes without mentioning Shoemoney’s from a few weeks [...]

and why would your wife be on a porn blog to see it?

[...] (ומי יוריד לינק שהש×?יר בהערה Tech Crunch ?) ומסתבר שזה ×?פילו די פשוט (לבעלי יומרות קידו×? ×”×?תרי×? שבינינו זהו בכלל בלוג ש×?× ×™ [...]

[...] MyBlogLog Trick - How To Surf The Web As ShoeMoney [...]

[...] MyBlogLog hack of the week - by Shoemoney [...]

[...] MyBlogLog hacks can be found here and here which got the ‘author’ temporarily [...]

[...] bloggers such as Shoemoney. Jeremy found a security glitch in the code that allowed people to surf the net as someone else. They banned him, then later [...]

Hi Shoe, I was just getting into all this Social Networking…Digital Signature stuff and then read your post Not sure what to do now as MBL has come rrecommended from a number of top blogs!

[...] How To Surf The Web As ShoeMoney MyBlogLog Showing Communities I did not Join ? [...]

[...] Beal as a spammer from the whole mybloglog thing so I outed a few small exploits Here and here and here then I was banned then dillsmack uncovered that Yahoo had implemented code specifically to track [...]