CEO of Bit Discovery, Professional Hacker, Black Belt in Brazilian Jiu-Jitsu, Off-Road Race Car Driver, Founder of WhiteHat Security, and Maui resident.
Tuesday, July 10, 2007
First multi-site XSS WebMail Worm (PoC)
Web Worms are quickly increasing in sophistication. This new proof-of-concept multi-site XSS WebMail Worm, with video, is capable of propagating across multiple WebMail providers using the exponential XSS technique. Sure we knew it was theoretically possible before, but never seen anyone actually do it. Really interesting stuff. For the moment the industry is still largely in the PoC stage, but rest assured it’s only a matter of time being payload are made to be malicious. More and more people are experimenting.
Posted by Jeremiah Grossman at 11:52 AM
Subscribe to: Post Comments (Atom)
It is nice example of XSS worm in Webmail and it's first multi-domain XSS worm in the Web.
Also with nice video demonstration :-).
Post a Comment