[WEB SECURITY] MySpace XSS+Phishing attack using Movies
Jason Muskat, GCFA, GCUX, de VE3TSJ
Jason at TechDude.Ca
Mon Dec 4 15:39:36 EST 2006
If one searches for YouTube for videos on being hacked one can find videos
documenting successful attack vectors. Most recently, users receive an
internal message, akin to an email, which bounces them to an ³popup-error²
page which then proceeds to delete all the victims video posts.
Jason Muskat | GCFA, GCUX - de VE3TSJ
e. Jason at TechDude.Ca
m. 416 .414 .9934
From: Billy Hoffman <Billy.Hoffman at spidynamics.com>
Date: Sat, 2 Dec 2006 12:45:55 -0500
To: Web Security <websecurity at webappsec.org>
Conversation: MySpace XSS+Phishing attack using Movies
Subject: [WEB SECURITY] MySpace XSS+Phishing attack using Movies
your profile it insert a fake login screen. pdp was talking about the a
month or 2 back. The article mentions something abouit "infecting friends"
but I'm not sure if it actually worms itself to other users. Wonder if they
are using XmlHttpRequest like Samy and Yamanner or iFrame remoting.
Original source is here:
Lead Researcher, SPI Labs
SPI Dynamics: http://www.spidynamics.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity