lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun Dec 18 22:42:19 2005
From: valdis at antivirus.lv (Valdis Shkesters)
Subject: about that new MySpace XSS worm

Hi,

The case with MySpace is not the first one when for a special environment,

such as social networking there is created self-propagating code.



In August this year in Latvian Internet there appeared a conceptual code

which was able to send himself to users of the site Draugiem.lv (analoque of

MySpace.com). Draugiem.lv has its own internal messaging system. By the way

of exploiting XSS vulnerability conceptual code (JavaScript) was able to

send himself to other friends when user only looked at the infected message.



The code is added to Kaspersky Anti-Virus database as Worm.JS.Graud.a.



Best regards,



Valdis



----- Original Message ----- 
From: "Xavier" <compromise@...il.com>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Sunday, December 18, 2005 8:19 AM
Subject: [Full-disclosure] about that new MySpace XSS worm


Greetings,

A little while ago I bumped into this new XSS worm on MySpace, I wrote
about it on my blog (direct link:
http://xavsec.blogspot.com/2005/12/new-myspace-xss-worm-circulating.html)

But here is what I know thus far:

1) There is a XSS vulnerability in MySpace.com, in the form of an
unsanitized vulnerability in the variable name "TheName".
2) The XSS worm is propagating via malicious .swf Flash files, using
ActionScript and Cross-Domain data loading.
3) Thanks to the XSS, and http://www.myspace.com/crossdomain.xml (note
specifically: allow-access-from domain="*"/) the worm hit many users
across MySpace.

-- Xavier.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists