Looks like they actually are using POST – see http://www.livejournal.com/community/evan_tech/150019.html for details.

yup ajax can post

Ajax can post.... hmm. Is that "correct" browser behavior? The W3C says "HTTP GET is safe; i.e., agents do not incur obligations by following links."
http://www.w3.org/2001/tag/doc/whenToUseGet-20030919

Didn't agents "incur obligations by following links" in the case of this MySpace worm?

It seems to me that this ability is a side-effect and not a feature.

Just makes you wonder how much of Web 2.0 has passed a rigorous security inspection.

I found this paper on XSS Viruses/Worms http://www.bindshell.net/papers/xssv.html. It explains the concept well.

Oops! that is: http://www.bindshell.net/papers/xssv.html

Please add me I'm a really cool person and i'll comment you comment your pictures and everything if you do the same to me =] please and thank yous. <3

[moved]

i want to make my myspace private but i don't know how...... and i need help

man i only got 475 friends i need like 1,000,000.does anyone know how to do this faster?

Hehe.. I only have 8 friends and I am way too busy to look and add more, so what can I do to just have people add me to their friends list? My personal freinds believe I am retarded for joining myspace, so that is another reason for not having many friends either.. add me or help me..