Zero Day Flaw Found in MySpace

A researcher has published proof of concept code on a zero day vulnerability he found on MySpace.comand another variation on the cross site scripting (XSS) theme.

Called XSS fragmentation, the vulnerability consists of multiple chunks, or fragments, of JavaScript malware that can slip by a filter or firewall because individually they don't constitute a security risk. But when they are combined after hitting the site, they can then be dangerous.

XSS fragmentation is rare, but a potentially powerful vulnerability that could be used against community-based sites such as MySpace or Web-based mail systems, security experts say. Dark Reading - Application and Perimeter Security - Zero Day Flaw Found in MySpace - Security News Analysis

Linked by shanmuga Wednesday, 25th October 2006 10:19PM