web application security lab

Fierce Finds MySpace Administration Console

I can’t say this really surprises me too much given my own results on other high-profile domains, but x90 (NOP) was able to locate MySpace’s administration console. That just sounds like a bad idea: leaving the gateway to your administration publicly facing. He was able to get it to error out, which provided some interesting results as well.

Fierce is a good first-pass reconnaissance tool, and as you can tell it shows you things that aren’t obvious at first blush when you aren’t sure what is hosted at the domain. In just a few minutes of testing you can uncover huge swaths of vulnerable targets to exploit. This is no exception. It’s neat seeing people try it out and see what it can find for them. Let me know if anyone else finds interesting results or case studies. In the meantime, I hope MySpace knows enough to take this server offline until they can harden it or at minimum move it to a less obvious place.

5 Responses to “Fierce Finds MySpace Administration Console”

  1. Fierce Finds MySpace Adminstration Console of Myspace Html Codes Blog Says:

    […] Original post by RSnake for Myspace News Fierce Finds MySpace Adminstration Console […]

  2. John @ NIST.org Says:

    They don’t even have HTTPS (SSL) access for this login. If there are any network admins at MySpace with a packet sniffer, now is your chance.

    Makes one wonder. If you use MySpace don’t use the same password you use elsewhere.

  3. RSnake Says:

    Hahah… the only way this isn’t terrible security is if it’s a honeypot. But alas, I highly highly doubt it is.

  4. Denial Of Service » Blog Archive » Fierce Finds MySpace Adminstration Console Says:

    […] From: http://ha.ckers.org/ […]

  5. Joey Baltimore Says:

    http://216.178.32.132/index.cfm?action=login

    Thanks google