Presented at DEF CON 15 (2007), Aug. 5, 2007, 11 a.m. (50 minutes).
This presentation will discuss how to hack MySpace.com using web application hacking methods and minimal tools beyond the internet, a text editor, and a cookie editor. How to find exploits will be discussed, as well as what to do with the exploits. Multiple exploits will be revealed and broken down. MySpace XSS filter evasion will be discussed. Session hijacking using cookies provided from MySpace will be proven and shown using patched exploits.
The live demonstration (with audience participation) will be using a 0-Day MySpace exploit! The methodology and practices used in the presentation will always be relevant to MySpace as well as many other sites containing Cross Site Scripting holes. MySpace is filled with hundreds of unattended and undiscovered Cross Site Scripting exploits. Discussion on how to prevent these attacks and secure sites using web applications will also be touched upon. Also, tips on how to mess with your friends :) Questions and volunteers are encouraged!
Now everyone can have a crack at their friend's MySpace! Just don't ruin anyone's precious social life.
Presenters:
- Rick Deacon, IT Specialist
Rick Deacon is a full-time IT Specialist at an established CPA firm in Cleveland, Ohio. Rick is also a part-time student working to achieve a Bachelor's degree in Networking through the University of Akron. Rick has been involved in multiple web application attacks that have been reported and fixed. Rick has been involved in information systems security for a few years and continues to discover and learn in order to pursue a career involving such.