Tuesday, July 10, 2007

First multi-site XSS WebMail Worm (PoC)

Web Worms are quickly increasing in sophistication. This new proof-of-concept multi-site XSS WebMail Worm, with video, is capable of propagating across multiple WebMail providers using the exponential XSS technique. Sure, we knew it was theoretically possible before, but had never seen anyone actually do it. Really interesting stuff. For the moment the industry is still largely in the PoC stage, but rest assured it’s only a matter of time before payloads are made to be malicious. More and more people are experimenting.

1 comment:

Anonymous said...

Interesting PoC!

It is a nice example of an XSS worm in Webmail and it's the first multi-domain XSS worm on the Web.

Also with a nice video demonstration :-).