[WASC-WHID] WHID 2011-64: Facebook Bully Video Actually a XSS Exploit

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 09:14:40 EDT 2011


*Entry Title:* WHID 2011-64: Facebook Bully Video Actually a XSS Exploit
*WHID ID:* 2011-64
*Date Occurred:* April 7, 2011
*Attack Method:* Cross Site Request Forgery (CSRF)
*Application Weakness:* Insufficient Process Validation
*Outcome:* Worm
*Attacked Entity Field:* Web 2.0
*Attacked Entity Geography:* USA
*Incident Description:* A security researcher has identified a bully video
as a malicious app exploiting yet another cross-site-scripting vulnerability
on Facebook with a very sophisticated payload.
*Mass Attack:* No
*Reference:*
http://www.eweek.com/c/a/Security/Facebook-Bully-Video-Actually-a-XSS-Exploit-121829/
*Attack Source Geography:*
*Attacked System Technology:* Facebook