An Italian security researcher this week has developed the first web-based email worm capable of taking advantage of cross site scripting (XSS) vulnerabilities in multiple web-mail services.
Rosario Valotta described the new form of worm on his blog. The proof of concept, called Nduja Connection, could spread faster than a worm targeting only a single web-mail provider, he said.
Email worms propagate by extracting contact information from the add…
July 13th, 2007 in XSS. Source: zdnet.co.uk
Sophos says Java-based content is to blame. Child pornography is being injected into web forums by hackers using Cross Site Scripting (XSS), a technique typically deployed to distribute malware. According to Sophos principal virus researcher Fraser Howard, the attacks occur because many websites allow Java-based content on their forums, or do not require adequate user authentication for posting.
“Some of the same techniques that malware aut…
June 15th, 2007 in General News, XSS. Source: computerworld.com
One of the most popular mail solutions on the Internet, Google’s Gmail, was again affected by a vulnerability that could permit an attacker to view or delete some of the messages stored in an account. The Mountain View company’s employees were quick to fix the flaw and repaired it within a few hours of its being reported. Basically, the vulnerability could be exploited through a malicious page that provided the attacker …
June 6th, 2007 in Random Security, XSS. Source: newsnow.co.uk
Today we talk about Cross Site Request Forgery (also known as XSRF), abbreviated CSRF, whose pronunciation gave rise to the friendly name “Sea Surf”. Following the previous papers on Cross Site Scripting written by me, I thought it was an obvious step to deal with this theme: here I am then! This kind of vulnerability, which is very common and underestimated, permits an attacker to make a victim user send any kind of HTTP request to a website i…
June 6th, 2007 in Articles, XSS. Source: playhack.net