Slashdot Mirror


Cross-Site Scripting Hits Major Sites

An anonymous reader writes "Dark Reading and SC Magazine covered a story about hackers posting cross-site scripting (XSS) vulnerabilities en masse on dozens of high-profile websites including Dell, MSN, HP, Apple, Myspace, YouTube, MSN, Cingular, etc. The media coverage drew the hackers' attention to the publications' websites, where they got a taste first-hand. On the message board wall-of-shame are PC World, MacWorld, Fox News, the Independent, and ZDNet UK. "...not only did we get the "scoop" on the XSS site problems, but we also got the message loud and clear: Don't assume you're immune to XSS vulnerabilities. They're everywhere." The news comes shortly after Mitre (CVE) released statistics showing XSS has become the most popular exploit. Unfortunately, new XSS attacks are growing increasingly severe and scanners are unable to find many of the issues on modern websites."

4 of 161 comments

  1. Scripting? by Anonymous Coward · · Score: 3, Funny

    document.write("It's very hard to check for XSS. I can understand why most people don't bother.")

  2. In soviet russia.. by djuuss · · Score: 4, Funny

    .. XSS links YouTube

    --

    my captcha was condom
  3. But of course Slashdot... by Billosaur · · Score: 3, Funny

    ...remains unaffec... FOJSF{09fiE*EU90av['vlwIOA934MAwadpskf[aepfkfa[-09 u9a

    --
    GetOuttaMySpace - The Anti-Social Network
    1. Re:But of course Slashdot... by finiteSet · · Score: 2, Funny
      A while ago, someone posted a link to a webpage that, when clicked, caused their post to be moderated up.
      Do you have a link to support this claim?
      --
      If we start buying CDs then the terrorists have already won.