His curiosity fueled him to poke at these imposed limitations.
Samy applied a mischievous idea from classic viruses to XSS that shook up the web
security community. Instead of luring a victim to an XSS vulnerability by himself, Samy
decided to use his XSS vulnerability to spread itself like a classic worm. The Samy worm
was extremely successful. It infected more than 1 million MySpace accounts in 16 hours
and forced MySpace to shut down for a few hours to contain the problem.
In this Case Study, we identify the HTML injection Samy found and thoroughly
discuss how he used the HTML injection to create an XSS worm.
In general, any web application that provides some sort of networking feature (e-mail,
comments, blog posts, instant messaging) will be vulnerable to this sort of attack if an attacker
finds an HTML injection. Hopefully, this case study will reinforce the importance of preventing
XSS in web applications.
FINDING SCRIPT INJECTION IN MYSPACE
As noted in Chapter 2, the first step to performing an XSS is to find a script injection
on the domain that you want to attack. In this case, Samy looked for a script injection
on www.myspace.com (or, equivalently, profile.