The Blog That Is No More
This Blog has moved to
Tuesday, August 29, 2006
  Myspace private profiles still open to SIMPLE URL vulnerability

On August 18, 2006, a post was made at our website explaining how easy it was to access comments and photos on Myspace profiles set to "private". This vulnerability had apparently been known by the "Myspace underground" for some time, but had not been addressed by the Myspace security people. On August 26, this vulnerability was made public on and suddenly the whole world knew about it. Once in the spotlight, Myspace band-aided this hole in less than 24 hours (See This Post).

From the moment this backdoor was closed, there were posts on and our main website hinting that there were still vulnerabilities on Myspace that would allow anyone to view photos on profiles set to 'private'. I was ready to blab these new vulnerabilities to the world, but I had not actually seen one in action yet.

Well.. Today yet another member of posted how to use a modified URL that will allow ANYBODY to view pictures on profiles set to private. I've seen it in action and can vouch that it's real. This second vulnerability is very similar to the one published on August 18, but this one only works for private photos (sorry, doesn't work for private comments).

So let this be an open letter to the Myspace security gurus:


I'm not going to publish the vulnerability here... YET (gotta give those Myspace guys a chance to fix it.. right?) But it's out there, and it's in use - and if history serves as a guide, this vulnerability may not be fixed until it hits or CNN (but I bet you won't hear about it on FOX news..)

Mr. Murdoch, if you need help finding the vulnerability, just post a comment here or send me an email. :-)

UPDATE: 8/30/06
1) Unless you're Rupert Murdoch (or one of his minions) I'm not going to email you the code! Based on postings I've seen by members at the forums area of our website, it IS out there at other sites.

2) In response to this comment:
Why does your webpage have a link saying "New private profile hole published" linking only to this blog post? You have NOT published it...yet. Quite misleading.
The code WAS published on our main website by a member - We then UNpublished the code to give Myspace a chance to fix it (we are trying to be responsible netizens). Based on what I've read in our forums the code IS published at other websites.. The reason for the link to the blog was so everyone could read that the exploit is out there. Upon reflection, we will update the text in the link to avoid further confusion.

UPDATE: 8/31/06
Well, it looks like Myspace has closed this particular security hole sometime in the last day or two. This latest hole, which worked using a variation of "" would allow photos on private profiles to be viewed in Firefox after repeatedly refreshing the page.

So that's it boys and girls, it looks like the fun is over! ..until the next vulnerability....


Can you send me it:
Can i have the code emailed to me please?

post the damn url, don't be a pussy.
hey there, can u send me the new code please. my man is cheating! THANKS!
can u send me the new code please!!!! My man is cheatin! thanks
please send it to

can u send me the code please?

can you please send me the code? Thanks.
Exploit here, if you would. . Thanks.
send me the code
Is there a good possibility i can get the code...


thank you :)
please send it to me
hi, can you send a copy to
Send me the link please. My email is
Can I have it too? Thanks:
can you send me the code please to

Why does your webpage have a link saying "New private profile hole published" linking only to this blog post? You have NOT published it...yet. Quite misleading.
can i get the code
This comment has been removed by a blog administrator.
C'mon guys, he said right in the article that he's NOT giving you the code. Posting your email only opens you up to spam and flaming.

And if your man really IS cheating, then why don't you ask him about it? You certainly don't need this exploit to do that...
Hmm...this should be fun :D

let those myspacers sweat it out for a while.

but hopefully you'll update, soon !!
all the ways seem to have been patched up so if you have another way besides using their "other servers" such as: search, classifieds, signout, groups, editprofile, events, invite, mail, and favorites... and it works, let's see it.

the only one i know that is fully working with no problem at all, is the one that shows their friends.
could you please send me the code ?
oh oh. me too. I need code very badly.
can you send the code to me? send me the code asap...
Nevermind that email doesnt is the working one thanks...
Can i see the code?
can you send me the code?
can you send me the code
can you send me it

thanks man
Hey can you please send me the code if it works still. I am doing some investigating on my fiance.
i just realized something myspace did, which is pretty much stupid (yea, i was the one that wrote a previous comment about all the other myspace servers not working either) but myspaces link to your profile under your default image "view: pictures | comments" they actually HAVE those links and etc do them. it basically it leads to a blank page, right? So what to do? everyyyyyyone of you all can act like you NEVER heard of this little "hack" (cause if they knew that YOU knew, why would they want to go on to allow it right?) and email myspace ( and complain to them that the link to the users view more picture under the default isn't working. provide them with a link, tell them to get that url fixed. LMAO! Just maybe, if they fall for it.. they will get it fixed and it can be allowed again.. who knows! =P
Z0/\/\G! W3 A11 /\/33D 743 {0D3!!!111


Apparently many of these people are entirely illiterate and haven't the slightest clue as to what the word 'NOT' means.

Please send it to me if you can!
can i please get this send to me please
Can you please send me code please I want to check if my fiance cheat on me. I beg u here my email u can send code for me ""
o0o please e-mail it 2 me @
can you email me the code? thanx! ;)
can I have it please?
send it to me at
can u please send me the code to view private profiles and pictures at
I can make a fortune collecting and selling everyone's valid email address that you're all so eager to post up.
u go person above me!!!
wow. look at ALL them email addresses yall are a web spiders best friend..lmao
*copy and paste*.... *spams penis enlargement emails to all of the above*