Cross Site Scripting (XSS)

The Samy worm at my space is now a classic, both a sophisticated attack and a well documented one, it became a case study in the web application security field. Recently Robert Hansen (RSnake) wrote a very interesting blog entry about Samy and what happened to him since.

Additional information:

My Lunch With Samy [ha.ckers, Mar 10 2007]
MySpace XSS worm writer notes [bindshell, Apr 10 2005]
MySpace XSS worm source [bindshell, Apr 10 2005]
MySpace XSS virus development [bindshell, Apr 10 2005]
Cross-Site Scripting Worm Hits MySpace [Beta News, Apr 10 2005]

Add new comment

WHID 2006-11: Teenager claims to find code flaw in Gmail

[View]

Add new comment

WHID 2006-34: XSS Exploit at sms.ac

[View]

Add new comment

WHID 2007-86: Mac Blogs defaced using XSS

[View]

Add new comment

WHID 2005-8: eBay Redirect Becomes Phishing Tool

[View]

Add new comment

WHID 2006-5: Hotmail XSS (1)

[View]

Add new comment

WHID 2006-36: PayPal Flaw Gets Accidental Two-Year Reprieve?

[View]

Add new comment

WHID 2008-20: XSS Worm At Justin.tv Affects 2525 Profiles

[View]

A proof of concept XSS worm crawled justin.tv, a popular lifecasting platform. The warm succeeded in planting a self replicating code on 2525 accounts in less than 24 hours before the vulnerability was fixed.

Additional information:

XSS Worm At Justin.tv Affects 2525 Profiles [CyberInsecure, Jul 15 2008]

Add new comment

WHID 2004-13: SunTrust site XSS vulnerability exploited by for phishing

[View]

Add new comment

Latest Stories

WAFs are not perfect, but is any security tool perfect? (Feb 9th 2010)
Forrester estimates the WAF market to be $220M in 2010 (Feb 9th 2010)
ModSecurity exceptions for TYPO3 (Jan 20th 2010)
Presentation about WAFs in the cloud (Jan 15th 2010)
The curse of PCI for WAFs (Jan 11th 2010)
A New Year, a New Acronym (Jan 10th 2010)
A Remote Command Injection Vulnerability Applicure's dotDefender Site Management. (Dec 10th 2009)

Navigation

Subscribe:

Xiom is the place to find information about Web Application Firewalls (WAFs) including reviews, analysis, announcements and research. Tune to the RSS channel to get every bit of information or subscribe to the newsletter to receive only in depth articles.

Xiom also leasd and hosts the Web Hacking Incidents Database, a Web Application Security Consortium project aimed at maintaining a list of web applications related security incidents.

Xiom is a community web site lead by Ofer Shezaf.

Xiom.com

The Web Application Firewalls Information Center