Xavier's Security Post
Friday, October 14, 2005
  The beginning of XSS worms
A MySpace user by the name of "Samy" figured out how to slip an XSS attack into a CSS tag. Thus, he was able to successfully exploit 1) a hole in myspace.com's coding, and 2) a large victim base. The attack doesn't seem to execute in Firefox/Mozilla, but it does in IE/Opera/Safari and possibly other obscure browsers.

Instead of just stealing a few cookies belonging to victim users, he decided to try his luck at propagating the attack. Not only was he able to have people add him automatically to their friends list, but the XSS attack itself was also written to each victim's own profile, thus creating a worm. It spread to hundreds, then to thousands, until it reached millions. After some time it was fixed.

Here is some further reading:
http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391
http://www.livejournal.com/community/evan_tech/150019.html (the code itself)
http://blog.outer-court.com/archive/2005-10-14-n81.html (an interview with the author)
 
This public blog will be a place for me to output any Security findings, both technological and physical, that I have come about. I will post Security advisories I was a part of, and also other interesting bits of knowledge. email: xavier [at] tigerteam.se
