XSS worm hits
Published: 2005-10-19

A self-propagating cross-site scripting (XSS) worm affected a million profiles on earlier this month, and security experts are concerned this could be the start of a new trend.

The process began when a user going by the name of “Samy” placed JavaScript code in his profile. When other users viewed Samy’s profile, the code initiated a background request (via Ajax) to add Samy to that user’s friend list – bypassing the usual approval process. The next step made the code self-replicating: it parsed out the code being executed and copied it into the viewing user’s profile. The process then repeated at the next view of the newly infected user’s profile, according to an interview with Samy on Google Blogoscoped.

The spread of the virus limits itself to the Web site and can essentially create a denial-of-service attack, because of the exponential growth of the attacker's friends list, Adam Biviano, a senior systems engineer at Trend Micro Australia, told ZDNet News.

Although the worm is not a risk to other sites, site administrators would be wise to keep a close eye on potential XSS vectors, as the threat from worms that use community sites is only increasing.

Posted by: Peter Laborge
Copyright 2009, SecurityFocus