
How to Surf As Someone Else & Trick MyBlogLog

Posted on 22nd February, 2007

I don’t know why MyBlogLog leaves this vulnerability literally in plain sight.

Jeremy of ShoeMoney shows how you can surf the web as other MyBlogLog members.

If you are using Firefox, locate your cookies.txt file and look for a line that looks something like this:

.mybloglog.com TRUE / FALSE 120364175 mbl_sid ****************

Here **************** is a string of numbers that identifies your MBL ID.

If you want to be someone else, just change the string to the ID of whoever you want to be. You don’t need to be a member of MyBlogLog to exploit this bug.

To get someone’s MBL ID:

  • Visit their page where the MBL avatar is displayed.
  • Right-click their avatar and click View or Copy Location.
  • You’ll see a URL ending with 200705112235594_avatar.jpg
  • The string of numbers is the SID.

At the time of this writing, the bug has not been patched.

Update: Eric of MyBlogLog pointed out that the bug has now been fixed.

Gaman
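
The design flaw described in the post, a session cookie whose value is the same identifier that appears in public avatar URLs, shown next to a hardened design. This is an added example, not code from the original post or from MyBlogLog; the class names, the sample ID and the example.test URL are constructed for illustration.

```python
import secrets

# Constructed sample data: a member ID that is also visible in a public avatar URL.
PUBLIC_MEMBER_ID = "200700000000001"  # constructed, not a real ID
AVATAR_URL = f"https://example.test/avatars/{PUBLIC_MEMBER_ID}_avatar.jpg"


class WeakSessions:
    """Flawed design: the cookie value IS the public member ID."""

    def issue(self, member_id):
        return member_id

    def resolve(self, cookie_value):
        # Any request carrying a member ID is treated as that member.
        return cookie_value if cookie_value.isdigit() else None


class OpaqueSessions:
    """Hardened design: random token, mapped to the member on the server."""

    def __init__(self):
        self._by_token = {}

    def issue(self, member_id):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_token[token] = member_id
        return token

    def resolve(self, cookie_value):
        # Unknown values, including public member IDs, map to no session.
        return self._by_token.get(cookie_value)


def cookie_leaks(cookie_value, public_texts):
    """Audit check: is the session cookie value visible in public content?"""
    return any(cookie_value in text for text in public_texts)


def demo():
    weak, strong = WeakSessions(), OpaqueSessions()
    weak_cookie = weak.issue(PUBLIC_MEMBER_ID)
    strong_cookie = strong.issue(PUBLIC_MEMBER_ID)
    return {
        "weak_cookie_is_public": cookie_leaks(weak_cookie, [AVATAR_URL]),
        "strong_cookie_is_public": cookie_leaks(strong_cookie, [AVATAR_URL]),
        "weak_accepts_public_id": weak.resolve(PUBLIC_MEMBER_ID),
        "strong_accepts_public_id": strong.resolve(PUBLIC_MEMBER_ID),
        "strong_accepts_own_token": strong.resolve(strong_cookie),
    }
```

The same `cookie_leaks` check can be run against rendered pages and asset URLs in a test suite to catch session values that are derivable from public content.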
 

  • If you can show me this trick still running, I’ll be glad to investigate. As it stands though, we’ve upgraded all the code and are pretty confident that it’s closed.

  • Ashish Mohta says:

    What’s the use of surfing like that? It’s better to know people you went there to see their blog rather than hide.

  • sundait says:

    Gaman…

    It’s going to increase your blog visitors if I use your MBL id.. LOL 🙂

  • locos says:

    Still don’t understand how the bug can increase blog visitors.
