search myspace

http://search.myspace.com/ http://editprofile.myspace.com/ both contain many js code that crashes b3 everytime. turning off js allows you to see the page's but since js was turned off you can't do anything. my conclusion is b3/8.0 is worthless and needs to be recoded from scratch or make it open source so us coders can help fix these issues. until opera make's the browser stable i will not recommend any of my users/friends to use this or the next version's. the only version that seems to be stable was 7.2. i understand opera wants to keep the code secret but lets not turn a good browser into a pile of junk that ie is today. -- scott grayban (remove the no-spam in the email address to reply)

in search of john titor, the new album from andrew octopus, is available now. a dystopian scrambled cinema of hip-hop, science fiction, sound collage, synth-pop and journalism, in search of john titor explores the intellectual underground of resistance to the emerging empire, and the possibilities of language, drugs, beliefs and technology to redefine the world in which you live. check out the track "another fix" at www.soundclick.com/bands/5/andrewoctopusmusic.htm and "platinum decoder rings" at www.myspace.com/andrewoctopus stay well and remember.

my e-mail is uknowme...@yahoo.com thank u! if it doesnt work..send me a message..thanks!!! in myspace.com >>> holym...@yahoo.com ------------------------------­--- do you yahoo!? yahoo! mail - find what you need with new enhanced search. learn more.

i keep seeing more people submitting xss vulns on particular sites so i decided to submit the ones i'd found. myspace.com: xss exists in myspace search fields. some fields are protected but the profiles search field is not. query: ">;<script>alert(documen­t.cookie);</script> ruweb.net: xss exists in searching for unused domain names. query: ">;<script>alert(documen­t.cookie);</script> primus.com: xss exists in the logon to the customer care center. it is limited by the 20 char limit ;]. username: ">;<script>alert(documen­t.cookie);</script> consequences of this type of vulnerability could lead to session cookie theft. there are a few techniques in wich xss vulnerabilities like this can be exploited, such as convincing a user to click on a malicious link or sending out massemails that load malicious iframes to steal said users cookies. vendors were notified no response recieved. credit: cdp2906(at)gamma2.uta.edu a.k.a. rezen of xor research group http://xor.jrbach.com