[OWASP-Ireland] Technical explanation of the MySpace worm

Damien Conlon damien.conlon at eurokom.ie
Fri Nov 4 06:31:46 EST 2005


If you haven't heard of the MySpace worm, read this first:

http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391


Now, although the above is fairly technical, I came across this the other day, written by the author himself:

http://namb.la/popular/tech.html

Anyone interested in cross-site scripting should read the full article; it makes fascinating and fun reading. It's also a very interesting lesson on the pitfalls of 'enumerating badness'.





More information about the Owasp-ireland mailing list