Jeremiah Grossman: First multi-site XSS WebMail Worm (PoC)

Tuesday, July 10, 2007

First multi-site XSS WebMail Worm (PoC)

Web Worms are quickly increasing in sophistication. This new proof-of-concept multi-site XSS WebMail Worm, with video, is capable of propagating across multiple WebMail providers using the exponential XSS technique. Sure we knew it was theoretically possible before, but never seen anyone actually do it. Really interesting stuff. For the moment the industry is still largely in the PoC stage, but rest assured it’s only a matter of time being payload are made to be malicious. More and more people are experimenting.

1 comment:

Anonymous said...: Interesting PoC!

It is nice example of XSS worm in Webmail and it's first multi-domain XSS worm in the Web.

Also with nice video demonstration :-).; July 12, 2007 at 12:53 PM

Post a Comment

BIO

Jeremiah Grossman brings 20+ years of experience in Computer Security and has become one of the most recognizable and world-renowned cybersecurity experts in the industry, coining several of the original hacking terms commonly used around the world today. Early in his career, Jeremiah was known as “The Hacker Yahoo” which led to his role as the company’s Information Security Officer. Jeremiah founded WhiteHat Security (now Synopsis), and served as Chief of Security Strategy for SentinelOne which was the highest-valued cybersecurity IPO in history. Most recently, Jeremiah was the founder & CEO of Bit Discovery, which was acquired by Tenable in 2022. He also serves as a company advisor and board member to several tech startups. In his spare time, Jeremiah does Brazilian Jiu-Jitsu and is passionate about classic cars. He recently opened Toybox, a luxury car club in Boise, Idaho.