Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Orkut XSS Worm InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Orkut XSS Worm

Published: 2007-12-19
Last Updated: 2007-12-19 17:57:39 UTC
by Tom Liston (Version: 1)
1 comment(s)

A vulnerability in the social networking site Orkut that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected approximately 400,000 Orkut users.  The malicious code is apparently fetched from the site "" and is called, conveniently enough, "virus.js."

1 comment(s)
Diary Archives