MySpace Hack Reveals "Private" Profiles

An article revealing a glitch on MySpace has again shown just how poorly implemented MySpace is, and just how careless people are in thinking their information is safe...even with a "private" profile.

I actually came across this hack on Tuesday, August 29th. The edge of i-hacked detailed the MySpace vulnerability which I tested and confirmed, and I'm not even a member. There is also another hack which allows you to view someone's photos without being a member, but I won't detail that here.

The vulnerability detailed in i-hacked involves the use of a standalone template, or page. MySpace uses FuseBox, a framework for ColdFusion, along with other technologies. FuseBox has measures to prevent this. But having a template accessible as a standalone page is inexcusable from a programmer's point of view and evidence of sloppy coding. A web programmer using templates must make sure the templates cannot be accessed outside the intended process flow...this is pretty basic stuff here.

*sigh*
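To make the "intended process flow" point concrete, here is a small front-controller model in Python. It is an added example, not MySpace's or FuseBox's code. The route table, the `dsp_photos.cfm` template name, the `fuseaction` and `user` parameters and the friends rule are all assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

FRONT_CONTROLLER = "/index.cfm"  # the only valid entry point (assumed name)

# Constructed sample data: one private profile with one approved friend.
PROFILES = {"alice": {"private": True, "friends": {"bob"}}}

def can_view(viewer, owner):
    """Access rule: public profile, the owner, or an approved friend."""
    profile = PROFILES.get(owner)
    if profile is None:
        return False
    return (not profile["private"]) or viewer == owner or viewer in profile["friends"]

# Hypothetical route table: action name -> (display template, access check).
ROUTES = {"profile.photos": ("dsp_photos.cfm", can_view)}

def render(template, owner):
    # Stand-in for executing a display template; only handle() calls it.
    return f"<{template} for {owner}>"

def handle(url, viewer=None):
    """Return (status, body) for a request URL from `viewer` (None = anonymous)."""
    parts = urlsplit(url)
    # 1. Refuse every path except the front controller, so a display
    #    template requested directly never executes at all.
    if parts.path.lower() != FRONT_CONTROLLER:
        return 404, ""
    query = parse_qs(parts.query)
    action = query.get("fuseaction", [""])[0]
    owner = query.get("user", [""])[0]
    route = ROUTES.get(action)
    if route is None:
        return 404, ""
    template, allowed = route
    # 2. Authorize in the controller, before the template is chosen, so the
    #    check cannot be skipped by picking a different entry point.
    if not allowed(viewer, owner):
        return 403, ""
    return 200, render(template, owner)
```

The template itself contains no access logic, which is why step 1 matters: if the web server will serve the template on its own path, the check in step 2 is never reached.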

--- UPDATE 01/28/2007 ---

Sorry everyone. The photo hack no longer works.

**Included for archival purposes. This was very popular on my old blog, but no one is going to post a hack and I don't have a hack. I don't even like MySpace.
