xanga hacking
Ever wonder why you need to type in your username and password again when you try to change your “Look and Feel” in xanga?
As xanga states at the top of that page, it’s for enhanced security, especially against XSS.
In simpler, less technical terms, that means that without that extra login, I could put a script (a worm) in my xanga which inserts the same script into your xanga when you view mine. Then, when another person looks at your xanga, the injected script infects the next people who view it, and so on and so forth. Until when? Until xanga's engineers discover it and take action to stop it.
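Here is that re-login check sketched in Python, as an added example (this is not xanga's actual code; the handler name, the account data and the cookie value are all made up for illustration). A script running in your browser gets your session cookie attached for free, but it does not know your password, so the save is refused.

```python
import hashlib
import hmac
import os


def hash_pw(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash from the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data: one account and one logged-in browser session.
SALT = os.urandom(16)
USERS = {"alice": {"salt": SALT, "pw_hash": hash_pw("correct horse", SALT),
                   "look_and_feel": "<b>my original header</b>"}}
SESSIONS = {"cookie-abc123": "alice"}  # session cookie -> username


def update_look_and_feel(cookie: str, form: dict) -> str:
    """Handle a save on a hypothetical Look and Feel page.

    The session cookie alone is not enough: the form must also carry
    the account password, checked again on every save.
    """
    user = SESSIONS.get(cookie)
    if user is None:
        return "401 not logged in"
    account = USERS[user]
    supplied = hash_pw(form.get("password", ""), account["salt"])
    if not hmac.compare_digest(supplied, account["pw_hash"]):
        return "403 password required"
    account["look_and_feel"] = form.get("html", "")
    return "200 saved"


def demo() -> list:
    results = []
    # What a script in the page can send: cookie attached, no password.
    results.append(update_look_and_feel(
        "cookie-abc123", {"html": "(placeholder for a copied script)"}))
    # What the real owner sends after typing the password again.
    results.append(update_look_and_feel(
        "cookie-abc123",
        {"password": "correct horse", "html": "<i>new header</i>"}))
    return results


if __name__ == "__main__":
    print(demo())
```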
These worms could do more than just propagate the infection. They could also do other stupid things like comment bombing, writing a silly entry in your xanga for you, etc. A smart dude hacked MySpace (something like friendster) using a similar technique and successfully got 919,664 friend requests in 5 hours.
What if I told you that your xanga already has some scripts installed? Don’t panic, scripts have their good side. I have a lot of friends whose xangas have a hit counter installed. Those hit counters usually require you to insert some text into your xanga. Yeah, that’s a script, but not an evil one.
Find this interesting? Come and study computer science then.

