MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

1.2.09

MySpace susceptible to threats through XSS

During the past month, a vulnerability was reported in the popular social networking site MySpace through which an XSS (Cross-Site Scripting) attack can spread malware or carry out other malicious acts such as theft of profiles.

XSS is a type of scripting attack that seeks to exploit vulnerabilities in application code that interprets HTML. MySpace incorporates certain layers of protection against such attacks, such as blocking the script tag, but the flaw bypasses that block, so an attacker could insert and execute malicious script as follows:

Although this flaw exposes the information and security of users' profiles, MySpace appears to be looking the other way, because the vulnerability has not yet been resolved. The problem was reported by its discoverer, Daniel Lo Nigro, on 19 January this year; he provided an example of "script insertion" and has not received any response from MySpace.

http://www.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=446695851

It is not the first time, and surely not the last, that MySpace has suffered from insecurity through scripting attacks. The worst part is that it leaves the information, profiles and security of its users completely exposed.

Jorge Mieres
