XSS WORM Cross Site Scripting Attacks (XSS) Information Portal 2.0

We are proud to announce the grand opening of XSS Worm : Cross Site Scripting Attacks ™ - http://www.XSSworm.com - the new site for discussion of XSS security issues in web-enabled networks and dynamic Internet applications. XSS vulnerabilities are also known as CSS, not to be confused with Cascading Style Sheets, which are also sometimes referred to as CSS.

XSS - a word commonly used by modern security experts to categorize a wide range of emerging web-enabled security threats. This unpronounceable word was once said to derive from the common term “Cross Site Scripting” (the leading X in this instance perhaps alluding to the Cross of the popular novel). Yes friends, our Web sites are becoming more complicated from day to day, and the number of web sites produced in plain HTML is decreasing on the net. The popular technologies are PHP, ASP, JSP and others, and as their use increases the attacks are becoming more dangerous.

XSS is very common and unfortunately still an issue we have to deal with in many web-aware applications. Internally the XSS WORM Team has been working on several XSS Security projects to help mitigate and fix these security issues, as well as to detect them in the code sources that are available online so that they can be fixed before a worm is developed.


According to a new study, up to 90% of all web sites may be vulnerable to some form of security attack.

Jeremiah Grossman of WhiteHat Security (whitehat.com), the Web application security company founded by the vulnerability scanning whiz, concludes that as many as 90 percent of all the sites that it has tested in the last year remain open to some form of hijack or infection.

The leading problem remains many sites’ vulnerability to cross-site scripting (XSS) hacks, through which attackers place malicious code on legitimate sites to trick end users into handing over their personal information or passwords.

As many as 75 percent of the pages scanned by WhiteHat had some form of XSS-exploitable flaw, according to the paper. But it’s not only XSS Worms that application developers have to be concerned about - according to WhiteHat, Cross-Site Request Forgery attacks are emerging as the “new .. [xss] ” and hackers are scrambling to update their virus engines.

The best way to think about Response Splitting is that it’s executed similarly to Cross-Site Scripting (XSS) … but more powerful.
Jeremiah Grossman

As in the rest of the online world, however, WhiteHat contends that XSS threats top the list of vulnerability classes by vertical, followed closely by Information Leakage.

“These statistics continue to reveal recurring and emerging issues that are affecting Web sites across industries,” said Grossman, who wears the title of CTO at WhiteHat. “As increasing amounts of sensitive data are stored online, WhiteHat remains vigilant about alerting companies to common attack methods and emphasizing the importance of Web site vulnerability management as part of their overall security posture.”

The original security article source can be located at http://weblog.infoworld.com/zeroday/archives/2007/10/study_90_percen.html or at http://google.com.

This is our introduction for the newest premium security information service XSSworm.com : cross-site scripting attacks - we will be posting news and updates on these topics and we welcome all of your comments on the topics of Web 2.0 Security, Cross-Site Scripting, XSS Worms, XSRF Worms, Digg and Social Networking worms, Youtube worms, Facebook worms, Web 2.0 Security and XML and so much more!

Looking for XSS Vulnerabilities and Exploits?

WHITEHATS: Please pay our XSS page a visit and leave your comments! Only the most relevant XSS security news, tools and comments - no spam please, your blackhat SEO tricks are not welcome here.

Regards, The XSS Worm . Com Team.

XSS WORM : Cross Site Scripting Attacks : http://www.xssworm.com - cross-site-scripting-security@xssworm.com - AIM: cross site XSS - (c) 2007,2008

12 Comments »

  1. flowrian Said,

    October 26, 2007 @ 12:40 pm

    I agree completely that the XSS - Cross Site Scripting (XSSworm.com) application vulnerability has really come into its own during the past 6 months.

    Web 2.0 Security issues like CSS will now top Mitre CVE and the WHID, not to mention the 24-hour mainstream news media coverage during the last week. We in the security industry have come to understand how _incredibly severe_ XSS attacks can be considering Internet Hacking Web Worms. Typical adolescent cookie theft seems a harmless misdemeanor by comparison. As a result, one of the questions that has resurfaced to the top of the list of security questions is the indecisiveness surrounding a security XSS worm vulnerability severity rating.

    In previous years, most vulnerability assessment penetration project reports I’ve read have understandably assigned free XSS vulnerabilities as “Medium Security”. The same is true in whitehats. We feel free to rate non-persistent as “Medium” or “Mesothelioma”, persistent as “High”, with the vast majority being treatable as non-persistent. Today what I guess is happening is that the potential business impact study of XSS vulnerability and risk has grown much greater and the threat differential matrix between elusive non-persistent and dynamic persistent is diminishing. For vulnerability DUI analysis reporting purposes we’re compelled to increase the severity matrix risk rating of almost all Cross Domain XSS issues to “High Risk” High Yield. This would seem to make more sense to invest into based on what we now know.

    What I’m interested to know is how others in the industry view XSS in terms of network security severity rating. Are there plans to increase the reported severity index?

    JavaScript malware and spyware just got a lot more dangerous due to the launch of the most useful XSS Security resource XSSWORM. You can find them here or search:

    http://www.google.co.uk/search?hl=en&q=xssworm&meta=
    http://search.live.com/results.aspx?q=xssworm.com%20web%20application%20%20security%20&coqs

    It is an excellent site, please keep up with the comments and useful XSS articles!

    Warmest,
    flowrian.

  2. Francesco Vaj Said,

    October 26, 2007 @ 6:41 pm

    Thanks for your comment flowrian, we are very happy for our new release security site launch.

    I'm not sure to answer in your post, the severity of vulnerability it is understood that XSS is very High Risk vulnerabilities. You can read the very high risk XSS discussion at this site:

    Hacking Intel - XSS Security exploit with ASP.Net using .RewritePath and Request.RawUrl bypassing ASP.Net native script protection
    By Kevin Pirkl (Intel) (14 posts) on September 20, 2007 at 2:46 pm

    Hacking Intel: XSS Security exploit with ASP.Net using .RewritePath and Request.RawUrl bypassing ASP.Net native script protection (.Net 1.1 and 2.0)

    http://softwareblogs.intel.com/2007/09/20/hacking-intel-xss-security-exploit-with-aspnet-using-rewritepath-and-requestrawurl-bypassing-aspnet-native-script-protection/

    There are no plans to increase this severity; when it is pinned we of course report it at xssworm.com

    Thank you flowrian
    I am now sorry for my bad English :)

    F Vaj

  3. insistkool Said,

    October 27, 2007 @ 1:06 am

    Fix your css (style sheet) before you move on to web security, and stop using wordpress if you are serious.

  4. xssworm Said,

    November 9, 2007 @ 8:58 am

    Thank you for your feedback, we have now published an alert about the problem with CSS and wordpress exploit for 2.3

  5. Daniel Craig Said,

    October 3, 2008 @ 7:59 am

    Hey, I was looking around for a while searching for introduction to network security and I happened upon this site and your post regarding XSS WORM Cross Site Scripting Attacks (XSS) Information Portal 2.0, I will definitely add this to my introduction to network security bookmarks!

  6. Goat weed Said,

    October 8, 2008 @ 10:51 pm

    Horny goat weed

  7. Provillus Said,

    October 20, 2008 @ 5:24 pm

    Provillus Review - Best hair loss, hair fall and hair regrowth products for men’s and women’s hair for stop losing hair and grow fast longer and shinning new hair by http://www.managehairloss.com

  8. Revitol Said,

    November 1, 2008 @ 3:22 pm

    Revitol products review, solutions and treatments on Revitol anti aging, Revitol acne treatments, Revitol cellulite problems, Revitol skin exfoliator, Revitol skin cleansing, Revitol anti wrinkles, Revitol stretch marks by http://www.revitolskincarez.com

  9. GoogleBot Said,

    November 11, 2008 @ 12:22 pm

    Onotole for ruler of the universe!

  10. YahooBot Said,

    November 11, 2008 @ 6:48 pm

    Nice site, thanks for information!

  11. HairyMan Said,

    November 12, 2008 @ 12:34 am

    Not bad… Not bad.

  12. SEO Pakistan Said,

    November 20, 2008 @ 2:12 pm

    SEO PAKISTAN - SEARCH ENGINE OPTIMIZATION AND SEARCH ENGINE MARKETING SERVICES COMPANY IN PAKISTAN FOR LINK BUILDING AND SEARCH ENGINE RANKING. http://www.seoptimizerz.com