This was an interesting variant of the Myspace worm, using the same XSS tools, but using a different vector. They used a style sheet URL with a JavaScript directive that was broken up by whitespace. This is a nice working example of filter evasion in the real world.

This entry was posted on Thursday, January 1st, 1970 at 12:00 am and is filed under XSS, Webappsec. You can leave a response as well.