Topics
Tags
Favorite Links
Translate
Pick Your Language
Security Books
Archives
Recent entries...
Twitter
Sponsored Ads
Popular Pages
Sponsored Ads
The Web Security Mailing List

« SVN Flaw Reveals Source Code to 3,300 Popular Websites | Main | CGISecurity turns 9 »

Reddit XSS worm spreads

UPDATE: Reddit has posted a blog entry at http://blog.reddit.com/2009/09/we-had-some-bugs-and-it-hurt-us.html addressing this.

"Popular social news website Reddit has stopped the spread of a cross-site scripting (XSS) worm that hit the site on Monday.

The XSS worm spread via comments on the site, originally from the account of a user called xssfinder.

Reddit failed to filter out JavaScript in some cases, specifically when a user hovered his or her mouse over a link, a factor the miscreants behind xssfinder's account exploited to run a proof of concept attack." - TheRegister

Read more: http://www.theregister.co.uk/2009/09/28/reddit_xss_worm/

Posted by Robert A. on 09/28/2009 in Funny , Incidents , IndustryNews , Worms , XSS | Permalink | Reddit

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!



hello,
you can find a good explanation of xss here: http://www.applicure.com/answers/cross_site_scripting/What-is-XSS.html

Posted by: Anonymous | Sep 29, 2009 1:40:47 AM

Post a comment







Remember personal info?


Copyright 2000-2009 CGISecurity.com | Privacy Policy| java mailing list| resolve ip| Mailing Lists | Sony deals