myspace xss'ed

I recently have been doing research on various types of injections such as;xss,vbscript,jsscript,html injections.So I was wondering if it is possible(if so how difficult) to utilize any of these attacks against websites such as myspace,xanga,and youtube

Youtube has a possibilty to XSS now you mention it ;)

Most of them have XSS but there is not much you could actually do to them though as most of them will have a general protection against cookie stealing

I presume you are talking about the you tube searchbox XSS

Good guess ;)

Alot of sites have this exploit though. It isn't that spectacular :p

Instead of asking us, why don't u try to see if theyre vulnerable? ;)

Good point bluemoose, though I have been,I was just trying to see if I was waisting my time.Also another site everybody needs to look at is ebaumsworld.com I've recently found an xss exploit and i'm pretty sure there's more.

well since everyone is into XSS hole (personally I am bored of them) check out my list, 101 XSS holes, bugtraq wouldn't accept it so f-them… tell me what you think. http://www.nanoy.org/50XSS.txt

edit BTW I have already tested for file include vulns" and I have another list for them… /edit

Rofl nice collection dude!

Hehe, nice nanoy ;)

Ya a ton of sites I go to have XSS vulns, seems like most sites don't even know about XSS…sad lol

There are XSS flaws in most sites, I used to have 0days for MySpace but didn't bother keeping them stored, because I don't care about myspace.

Having an XSS flaw isn't as trivial as a lot of people think, cookie stealing is only the start of what you can do.

unfortunatly whiteacid thats not true I saw a while ago on HTS an articl on a keylogger you can insert for XSS there is loads you can do with it, especially if you can insert php code (it's rare but posable)

That's my point, you can steal data from password managers, you can cause people to XSS others, you can tamper with their router (if it too has flaws), you can port scan them (yes, JS can portscan).

HA HA HA XSS on Myspace. Im pretty sure its possible. Ive done it before but that was before they secured their asshole up tight.

You might come across an article in 2600 about XSSing Myspace through their search engine because it used to be vulnerable. Well too late to try it because they patched that up as well.

Take my advie since ive hacked 4 myspaces already.

Wait for Myspace to be in Maintence. For some reason their scripts i guess stop working as well and a lot of simple things can slip in. :)

Have Fun, No Malicious crap

has anyone tried a cookie stealer image on myspace? idk if it would work, they probably have their cookies only accepted that one way i can't think of at the moment lol

tried.. no use. and embeded src stuff wont work either.

just read above post. and do wat i say you should