[WEB SECURITY] Netscape.com persistent XSS attack

Jeremiah Grossman jeremiah at whitehatsec.com
Wed Jul 26 18:45:22 EDT 2006


I caught this first on RSnake's blog. Netscape.com's newly launched  
user-driven service (Digg-like) has suffered a persistent cross-site  
script (XSS) attack. They've since fixed the vulnerability, but not  
before some choice screenshots were taken of JavaScript alert  
messages. Additional URL references below.

*OBSCENITY WARNING*


Netscape.com XSSed Due to Failure to Act
http://ha.ckers.org/blog/20060726/netscapecom-xssed-due-to-failure-to-act/

AOL Fixes Netscape.com XSS Hack
http://www.betanews.com/article/AOL_Fixes_Netscapecom_XSS_Hack/1153940441

NetScape.com - JavaScript Exploit Embaressment
http://www.threadwatch.org/node/7714

Netscape.com hacked
http://www.f-secure.com/weblog/archives/archive-072006.html#00000927
http://www.f-secure.com/weblog/archives/Netscape1.jpg
http://www.f-secure.com/weblog/archives/Netscape2.jpg

http://flickr.com/photos/shrikant/198733894/


Regards,

Jeremiah Grossman
CTO, WhiteHat Security
www.whitehatsec.com



----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


