Full Disclosure mailing list archives
about that new MySpace XSS worm
From: Xavier <compromise () gmail com>
Date: Sun, 18 Dec 2005 01:19:13 -0500
Greetings,

A little while ago I bumped into this new XSS worm on MySpace. I wrote about it on my blog (direct link: http://xavsec.blogspot.com/2005/12/new-myspace-xss-worm-circulating.html), but here is what I know thus far:

1) There is an XSS vulnerability in MySpace.com, in the form of an unsanitized vulnerability in the variable named "TheName".

2) The XSS worm is propagating via malicious .swf Flash files, using ActionScript and cross-domain data loading.

3) Thanks to the XSS, and http://www.myspace.com/crossdomain.xml (note specifically: <allow-access-from domain="*"/>), the worm hit many users across MySpace.

-- Xavier.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
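The third point above is the one a site operator can check for directly: a Flash cross-domain policy that grants every origin read access lets a .swf hosted anywhere load authenticated responses from the site, which is what turned one XSS into a worm. The following auditor is an added example (not code from the original post or from MySpace); it parses a crossdomain.xml in the standard Flash policy format and reports wildcard and insecure grants. Both sample policies are constructed for illustration, and the example.com domain is a placeholder.

```python
"""Audit a Flash crossdomain.xml policy for over-broad grants.

Added example, not from the original post. Parses the policy with the
standard library and flags the entries a defender would want to see:
a wildcard domain, a wildcard request-header grant, and secure="false".
"""
import xml.etree.ElementTree as ET

# Constructed sample: grants every origin access, like the
# <allow-access-from domain="*"/> entry the post quotes.
WILDCARD_POLICY = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>
"""

# Constructed sample: limited to the site's own subdomains over HTTPS only.
# example.com is a placeholder, not a real deployment.
RESTRICTED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*.example.com" secure="true" />
</cross-domain-policy>
"""


def audit_crossdomain_policy(policy_xml):
    """Return a list of finding strings for risky grants in a crossdomain.xml.

    An empty list means no wildcard or insecure entry was found. Only the
    policy text is inspected; nothing is fetched from the network.
    """
    root = ET.fromstring(policy_xml)
    findings = []

    # Data-loading grants: a wildcard lets any SWF read cross-domain responses
    # (with the victim's cookies attached), so it is the headline finding.
    for entry in root.iter("allow-access-from"):
        domain = entry.get("domain", "")
        secure = entry.get("secure", "true").lower()
        if domain == "*":
            findings.append(
                'allow-access-from domain="*": any origin may read responses')
        if secure == "false":
            findings.append(
                'allow-access-from domain="%s" secure="false": HTTP SWFs '
                'may read HTTPS responses' % domain)

    # Header grants: a wildcard here lets any origin send custom request
    # headers, which widens what a cross-origin SWF can do.
    for entry in root.iter("allow-http-request-headers-from"):
        if entry.get("domain", "") == "*":
            findings.append(
                'allow-http-request-headers-from domain="*": any origin may '
                'send custom headers (%s)' % entry.get("headers", ""))

    return findings


def is_permissive(policy_xml):
    """True when the policy contains at least one risky grant."""
    return bool(audit_crossdomain_policy(policy_xml))


if __name__ == "__main__":
    for label, policy in (("wildcard", WILDCARD_POLICY),
                          ("restricted", RESTRICTED_POLICY)):
        print(label + ":")
        for finding in audit_crossdomain_policy(policy) or ["no findings"]:
            print("  " + finding)
```

Run against the constructed wildcard policy the auditor reports the `domain="*"` grant; the restricted policy produces no findings. In practice the file to feed it is the one served at the site root (`/crossdomain.xml`), and any policy that authenticated pages share with it deserves the same review.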
Current thread:
- about that new MySpace XSS worm Xavier (Dec 18)
- Re: about that new MySpace XSS worm Valdis Shkesters (Dec 18)
- RE: about that new MySpace XSS worm Debasis Mohanty (Dec 19)
- Re: about that new MySpace XSS worm Kevin Pawloski (Dec 19)
- RE: about that new MySpace XSS worm Debasis Mohanty (Dec 19)
- Re: about that new MySpace XSS worm Xavier (Dec 19)
- RE: about that new MySpace XSS worm Debasis Mohanty (Dec 20)
- RE: about that new MySpace XSS worm Debasis Mohanty (Dec 19)
- Re: about that new MySpace XSS worm Valdis Shkesters (Dec 18)