Web Worms are quickly increasing in sophistication. This new
proof-of-concept multi-site XSS WebMail Worm, with
video, is capable of propagating across multiple WebMail providers using the
exponential XSS technique. Sure we knew it was theoretically possible before, but never seen anyone actually do it. Really interesting stuff. For the moment the industry is still largely in the PoC stage, but rest assured it’s only a matter of time being payload are made to be malicious. More and more people are experimenting.
Interesting PoC!
ReplyDeleteIt is nice example of XSS worm in Webmail and it's first multi-domain XSS worm in the Web.
Also with nice video demonstration :-).