SELaplana >> Internet, Security >> MyBlogLog Bug

MyBlogLog Bug

Posted by Sustines Laplana, 19 February 2007 at Category/ies: Internet, Security
2 Comments »

I received a request from BlogMeme to become co-author of the community. I was thinking that it’s a clean invitation ( I mean an invitation with no negative intention like spamming, etc). But, ShoeMoney revealed that it’s a MyBlogLog exploit.

If you look at my profile on MyBlogLog You will see 2 sites that I did not add.

I wonder if Yahoo could be possibly liable here because basically Yahoo is saying that I said I own these sites… yet I did not…

Check out Jason Calacanis community. Evidently in addition to calacanis.com he also owns and authors seoadwords.com …. right….

So what else can people do with cross site xploits on mybloglog? Oh I think we are just seeing the tip.

The exploiter on this explains:

Choose ad a Co-Author, type in the MyBlogLog member name. (for example: Shoemoney). This sends out a e-mail to the user account with a link add yourself as a co-author. Now most people won’t open them, or they get picked up as spam.

Now exam the link:

http://www.mybloglog.com/buzz/add_author_conf.php?sid=&mid=

SID = Site ID, which is the community you author
MID = Member ID, which is the member the e-mail went to

Now, if you open that url, it will automatically add the author, no clicking, no form etc.

If you send author requests to a bunch of people. For example, yourself. Then find their memberID, your own SiteID, and insert them into the url, open in a browser. Bam, you have new authors on the community.

I am thinking if I will use this exploit… :-)

Automatically receive updates via email...
Enter your email address:
Tweet This
Bookmark and Share
Tweet This!

Comments

2 Responses to “MyBlogLog Bug”

  1. Eric Marcoullier says:
    February 20, 2007 at 11:44 am

    Dude, don’t even joke about using exploits. No good karma will come of it. In the meantime, we have not only turned off the exploit, we’ve also blogged about the entire experience and what we’re doing in the future. I hope you’ll have a look. http://mybloglogb.typepad.com/my_weblog/2007/02/weekend_spamtac.html

    Reply

Trackbacks/Pingbacks

  1. Eric Reaction On MyBlogLog Bug » SELaplana says:
    February 20, 2007 at 12:39 pm

    [...] MyBlogLog Bug [...]

    Reply

Leave a Reply

CommentLuv badge
«
»

Pinay Scandal

Actually, this terms refer to the photos, videos or any stories that reveal shameful, sxeperience, and secrets of some individuals or celebrities.

Follow What MyBlogLog Users Surf

Now I realized that Shoemoney became my source whenever I'm talking about hacks and exploits on the MyBlogLog. It seems that Shoe Money's passion now

Eric Reaction On MyBlogLog Bug

I am really impressed by the way Eric of MyBloglog reacted on my post about the MyBlogLog bug. Of course, when I said "I am

Yahoo! Tracks Google Adsense Clicks

I remember that it was Yuga who told us (Pinoy Bloggers) about the ability of MyBlogLog to track the Adsense Ads clicks on our blogs.

MyBlogLog Exploit

Did you know that you can actually manipulate the "Top 5 Links" widget of the MyBlogLog? Below, you can see the Top 5 links on my

MyBlogLog, Needs Community Manager

I noticed today an announcement posted by MyBlogLog to all its users that they are looking for a Community Manager, as shown below: I thought,

MyBlogLog Let’s You Own Someone’s Blog

Google Tutor successfully owned Matt Cutts blogs at the MyBlogLog. It's another exploit revealed by MyBlogLog's users after Shoemoney ended his expose on MyBlogLog's holes (a

The Advantage of Using MyBlogLog

I am already a member of the newly acquired site by Yahoo!, the "MyBlogLog", since October 31, 2006 as shown on the screen shot below

Why Stopped Using the MyBlogLog Widget?

User's Question We received the email from a visitor of this blog. The email was written in Tagalog, and we translated it to English. We will

Does Yahoo! Studied Adsense Through MyBlogLog?

I was absent on my blogging job yesterday (Sunday, February 25, 2007 - Philippine time) and I missed the MyBlogLog answer on the reaction of

MyBlogLog Banning Members

It seems that Eric and his team are now serious in moderating Yahoo! owned MyBlogLog. Today, I received a notice from its admin telling me to

Let’s Forgive Each Other

Finally, here's Jeremy Schoe's picture at the MyBlogLog members page, as shown below: Eric revealed at the MyBlogLog blog that Shoemoney is now unbanned. Featuring him

Feed Subscribers Now 700+

After I published my post on reaching the 500 mark of this blog's feed subscribers, one of our visitors emailed me this: SELaplana, It is very much

Tech Big Men Hitting Each Other Big Names

I noticed that this week is the week for the Tech's big men fighting each others through blogs. First, Scoble was saying something against the

Microsoft AdCenter Bug Fixed

The MyBlogLog's way of dealing its members who exposed some bugs of its system is still fresh in my mind. What I mean, is the

Banned Sites At Digg, Unbanned

Neil Patel revealed that some banned sites at Digg are now unbanned. It seems Digg has unbanned a list of sites by letting them back in.

www.sss.gov.ph static information

sss gov.ph SSS Online Inquiry

Bookmark and Share

Search the Site

Recent Posts

Updates


    Categories
      Recent Entries
      Making Money Online
      Board Examination Results
      Naruto Related
      Anime Episodes Guide
      Our Products
      My Other Posts
      User
      Tag Cloud
      Search Lyrics by Artists: 0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z