Yes, I was bored. After farting around with Cardomain for a little while, I found I could automatically post in guest books just by entering the correct address in the address bar. You ever see all those annoying "Nice ride, check mine out sometime!" posts people make, to try to get their votes up? Well, you can now be just as annoying! This isn't limited to Cardomain. I found you could use the same method to add thousands of Facebook friends in a matter of minutes. I'll explain at the end of this post.
Here is a link for posting in a guest book on Cardomain:
http://www.cardomain.com/guestbook/259001?sign=1&message=nice%20ride!
"259001" is the member number. I believe this is assigned based on when you signed up, so the next user who signed up would be 259002, and so on. "?sign=1" is necessary...just a random flag. "&message=" this is where your message is. Every space you use needs to be replaced by a "%20".
There is a 30 second time limit in posting, but I believe that's based on cookies, and writing a simple script will avoid that.
As I said, this isn't limited to Cardomain. Hacking Facebook works the same way. To do it yourself, proceed as follows. First, go through the process of adding a friend. Find someone you are not currently friends with, and click "add". You need to go through the steps until clicking once more will add a friend ("are you sure you want to add this person?" -> yes -> "are you really sure?" -> yes -> "Are you really really really sure?" -> last step, so stop).
Next, you will notice the address is something like:
http://clemson.thefacebook.com/addfriend.php?id=12700907
Notice the ID is a number. If you adjust the number, you will start cycling through Facebook members. Now here is the tricky part. You will need to "view source." Find the snippet of code that says "are you sure you want to add Ms Sorwhore as a friend?" Embedded in this question, you will find several input variables. This is where you start assembling your address. Every time you see a "name=", that is the variable name: "name=confirmed value=1", for instance. You add that to your address like so:
http://clemson.thefacebook.com/addfriend.php?id=12700907&confirmed=1
Note, each variable is separated by a "&".
If you log into Facebook and paste that address, you will invite a random person named Lindsay to be your friend. Webpages may have multiple variables, as in the Cardomain example. Each time, you separate the variables with "&". To invite thousands of people, just add 1 every time you paste that address. 12700907, 12700908, 12700909, et cetera. This technique is applicable to almost any webpage where you can post. Next time you write a blog, look at the address bar. You can even post to a blog by entering the correct address.
Just so everyone knows, after poking about 300 people on facebook, I got a 6 hour restriction where I couldn't send any more messages or pokes :)
And there you go, HTML injection 101.
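From the site operator's side, the two weaknesses this post relies on are a write action reachable through a plain GET address and a posting limit the author believes is kept in a cookie. The sketch below is an added example, not code from the original post or from either site; it models the described handler beside a hardened one, and the function names, the session dictionary and the `csrf` form field are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # per-deployment key, generated here for the example
MIN_INTERVAL = 30                 # seconds between posts, the limit mentioned in the post
_last_post = {}                   # account -> time of last accepted post, kept server side

def csrf_token(session_id):
    """Token bound to the session, emitted as a hidden field in the real form."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def sign_vulnerable(method, params, cookies, now):
    """Behaviour the post describes: any address with sign=1 writes; limit lives in a cookie."""
    if params.get("sign") != "1":
        return 400, "bad request"
    if now - float(cookies.get("last_post", 0)) < MIN_INTERVAL:
        return 429, "slow down"   # skipped whenever the client drops the cookie
    return 200, "posted"

def sign_hardened(method, params, session, now):
    """Same action, with writes restricted to authenticated, tokenised POSTs."""
    if method != "POST":          # GET must never change state
        return 405, "method not allowed"
    if session is None:
        return 401, "login required"
    supplied = params.get("csrf", "").encode()
    if not hmac.compare_digest(supplied, csrf_token(session["id"]).encode()):
        return 403, "bad token"   # an address typed or linked from elsewhere lacks the token
    last = _last_post.get(session["user"])
    if last is not None and now - last < MIN_INTERVAL:
        return 429, "slow down"   # keyed on the account, so clearing cookies changes nothing
    _last_post[session["user"]] = now
    return 200, "posted"
```

The token check stops a bare address from writing; the server-side interval and account-level restrictions like the 6 hour one mentioned above are what bound a logged-in user who scripts the real form.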