O'Reilly logo

Real-World Bug Hunting by Peter Yaworski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

7CROSS-SITE SCRIPTING

Image

One of the most famous examples of a cross-site scripting (XSS) vulnerability is the Myspace Samy Worm created by Samy Kamkar. In October 2005, Kamkar exploited a vulnerability on Myspace that allowed him to store a JavaScript payload on his profile. Whenever a logged-in user would visit his Myspace profile, the payload code would execute, making the viewer Kamkar’s friend on Myspace and updating the viewer’s profile to display the text “but most of all, samy is my hero.” Then the code would copy itself to the viewer’s profile and continue infecting other Myspace user pages.

Although Kamkar didn’t create the worm with malicious ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required