WHID 2007-69: The Orkut XSS Worm
A vulnerability in the social networking site Orkut that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected more than 650,000 Orkut users.
Additional information:
- The Orkut XSS Worm [GNU Citizen, Dec 19 2007]
- Orkut XSS [Sounds From The Dungeon, Dec 19 2007]
- Orkut XSS worm in the wild [CGI Security, Dec 19 2007]
- Orkut Worm Code (and why was Google so slow to respond?) [TechnoSocial, Dec 19 2007]
Attack Method:
Incident Outcome:
