Cross-site scripting worm floods MySpace

Scott | Uncategorized | Monday, October 17th, 2005

(via hacklog.com)

DJ_Vegas writes “One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, ‘Samy’ had amassed over 1 million friends on the popular online community. According to BetaNews, the worm’s code utilized XMLHTTPRequest – a JavaScript object used in AJAX Web applications and was spreading at a rate of 1,000 users every few seconds before MySpace shut down its site. Thankfully, the script was written for fun and didn’t try to take advantage of unpatched security holes in IE to create a massive MySpace botnet.”

http://brokekid.net/wp-content/plugins/sociofluid/images/digg_32.png http://brokekid.net/wp-content/plugins/sociofluid/images/reddit_32.png http://brokekid.net/wp-content/plugins/sociofluid/images/stumbleupon_32.png http://brokekid.net/wp-content/plugins/sociofluid/images/delicious_32.png http://brokekid.net/wp-content/plugins/sociofluid/images/mixx_32.png http://brokekid.net/wp-content/plugins/sociofluid/images/twitter_32.png

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment

Powered by WordPress | Theme by Roy Tanck

Bad Behavior has blocked 440 access attempts in the last 7 days.