web application security lab

MyYearbook.com XSS worm

Unsticky and Luny both brought to my attention a few cross site scripting worm variants that are currently being exploited on MyYearbook.com. The site owner’s account has been hijacked, and another group named Hackers with style (I couldn’t find a website associated with the group) is claiming to have a large number of usernames and passwords. It looks like the site was completely offline for some time, possibly for repairs.

This is one variant of the worm that unsticky wrote, which Luny sent me (I’m not sure if this is the original functioning one that successfully hacked over 1MM accounts or a later broken version that someone modified), for those who are curious:

7 Responses to “MyYearbook.com XSS worm”

  1. unsticky Says:

    That’s not exactly my code… bits of it are, but most of it is server-supplied formatting (oh the ’s!). I sent you an email with the clean code, plus the code for each variant I found, and a new project I’m working on.

  2. RSnake Says:

    As a side note, I found a link off of Luny’s site where one of the Hackers With Style guys keeps his web presence. Triphase is located here.

  3. oyunlar Says:

    That’s not exactly my code… bits of it are, but most of it is server-supplied formatting (oh the ’s!). I sent you an email with the clean code, plus the code for each variant I found, and a new project I’m working on.

  4. devin gates Says:

    Hey, someone has hacked my account and I don’t know how to get rid of them, and it is really driving me nuts. I deleted all of my “whatever” items hoping that the code would be in there, but they are still able to access it. If I just change my email address, would that stop them? Please help me, I want this guy out of my account.

  5. anonymus Says:

    Every time I log into my MyYearbook.com account and I go to check my messages, it takes me to random people’s accounts. I AM NOT hacking anyone’s accounts, so I have no idea how this is happening. It is basically taking me to a new person’s inbox every time I click the mail button. I have no idea how this is happening! I think the website should be shut down, because people’s personal account information is being released to the public.

  6. Gillian Says:

    I can’t access the site at all! Neither Firefox nor IE will load the page; it keeps saying connection timed out / page could not be loaded, etc. Does anyone know if it’s just me who can’t access it, or is the full site down? If it is just my PC, how do I fix this?

  7. Ryan Says:

    OK, this is what I did when they got me the second time. If you can still log in, go to Settings (top right of your page) and change your email back. Then I logged out. Then I sent off saying I lost my password, and the password they were using is (hacked) without the (). So go log in and use hacked as the password, go back to Settings, and then click change password, and that should be the old password they’re using… But I deleted my account, because almost everyone will be hit.
