Full Disclosure mailing list archives
First cross-domain XSS worm (not)
From: "Berend-Jan Wever" <berendjanwever () gmail com>
Date: Mon, 16 Jul 2007 16:51:22 +0100
Hi all,

I recently stumbled upon this:
http://ha.ckers.org/blog/20070709/nduja-cross-domainwebmail-xss-worm/

In short: It mentions a "new" kind of XSS worm; one that can infect multiple domains. I attempted to reply but my reply mysteriously never made it to the page. In an attempt to set the record straight on XSS worms, I'll post my reply here:

(Cross-domain) XSS worms are much older than Samy or Nduja:
http://archive.cert.uni-stuttgart.de/bugtraq/2002/10/msg00122.html

It's been 5 years, I can see how you forgot about it. Samy and Nduja can claim the prize for the first _publicly_released_ XSS worms, but they are definitely not the first of their kind. Also, it is a misconception to think that worms can only exist because of Ajax; a worm can just as easily spread without XMLHTTPRequest.

I've been told that people saw XSS worms as early as 2000, but I have found no evidence to support this: let me know if you know something.

Cheers,
SkyLined

--
Berend-Jan "SkyLined" Wever <berendjanwever () gmail com>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/