| |
BetaNews | Cross-Site Scripting Worm Hits MySpace
by Decius at 9:49 am EDT, Oct 14, 2005 |
One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community.
|
| |
RE: BetaNews | Cross-Site Scripting Worm Hits MySpace
by Malcolm at 4:32 pm EDT, Oct 16, 2005 |
Decius wrote: One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community.
I found a site that has a Cross-site Scripting Virus/ Worm Paper and formatted MySpace virus code. It is easier to read. www.bindshell.net/papers/xssv.html |
|
BetaNews | Cross-Site Scripting Worm Hits MySpace
by Acidus at 10:59 am EDT, Oct 14, 2005 |
One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community.
Basically the worm was XSS embedded in someone’s profile on MySpace. When someone would view the profile, they would execute the Javascript in their own browser. The payload of the XSS was Ajax which would make GET and POST requests to MySpace, adding the XSS Payload to that user’s profile. This spreads the worm! As with most worms using a new attack vector, this was harmless, adding the message “samy is my hero” to each infected profile along with the XSS payload Update: Here is the source code of the XSS Payload. I haven't had time to format it properly. I'll do an analysis of it later and post it to Memestreams. |
| |
RE: BetaNews | Cross-Site Scripting Worm Hits MySpace
by Johann Sebastian Bach at 10:49 am EST, Oct 31, 2005 |
Basically the worm was XSS embedded in someone’s profile on MySpace. When someone would view the profile, they would execute the Javascript in their own browser. The payload of the XSS was Ajax which would make GET and POST requests to MySpace, adding the XSS Payload to that user’s profile. This spreads the worm!
We couldn't do that before Google forced the introduction of javascript http requests to all major browsers. :o It is the same story all over again. A technology gets an update, people get more toys to hack with. Sweet. :) |
|
BetaNews | Cross-Site Scripting Worm Hits MySpace
by Rattle at 11:12 pm EDT, Oct 14, 2005 |
One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community.
MySpace has gotten hit with the first XSS worm to target social networking sites. Here is some analysis from Acidus: Basically the worm was XSS embedded in someone’s profile on MySpace. When someone would view the profile, they would execute the Javascript in their own browser. The payload of the XSS was Ajax which would make GET and POST requests to MySpace, adding the XSS Payload to that user’s profile. This spreads the worm! As with most worms using a new attack vector, this was harmless, adding the message “samy is my hero” to each infected profile along with the XSS payload.
Acidus has also posted the source code of the XSS Payload, and says he plans to post a more detailed analysis later. |
| |
RE: BetaNews | Cross-Site Scripting Worm Hits MySpace
by falun at 4:17 pm EDT, Oct 23, 2005 |
Acidus has also posted the source code of the XSS Payload, and says he plans to post a more detailed analysis later.
http://fast.info/myspace/ -- Samy rambles, it's relative funny
http://namb.la/popular/tech.html -- Samy takes a shot at a techincal explanation -- not terribly in depth but a nice overview |
|
There is a redundant post from Mike the Usurper not displayed in this view.
|
|
