Cenzic 232 Patent
Paid Advertising
web application security lab

Xanga XSS worm

This was an interesting variant of the Myspace worm, using the same XSS tools, but using a different vector. They used a style sheet URL with a JavaScript directive that was broken up by whitespace. This is a nice working example of filter evasion in the real world.

Comments are closed.