You have got to love MySpace. Their code has got to be so nasty, I mean, just the markup on a profile makes me sick to my stomach, I can't imagine the pasted together backend that would generate that mess.
When I got an event invitation I went to RSVP and had a thought. I wondered how well they error checked their inputs. I mean, I'm sure they strip and escape for SQL injection, but do they constrain anything?
I busted out Firebug, edited the source for the RSVP and now I'm bringing several tens of thousands of friends with me to the party. Awesome.
Click for biggies.
(Note: the 91213 didn't work, too big I bet)