Tuesday, October 24, 2006

Zero Day Flaw Found in MySpace

Via Dark Reading.

A researcher has published proof-of-concept code on a zero-day vulnerability he found on MySpace.com -- and another variation on the cross-site scripting (XSS) theme.

Called XSS fragmentation, the vulnerability consists of multiple chunks, or fragments, of JavaScript malware that can slip by a filter or firewall because individually they don't constitute a security risk. But when they are combined after hitting the site, they can then be dangerous.

More here.

0 Comments:

Post a Comment

<< Home