By superhei
2008-01-01
Http://www.ph4nt0m.org
About XSS Worm
A tips of axis: XSS Worm Defense [1] written:
1. Disconnect its source
The xss worm must have an XSS vulnerability on the website, which must be a persistent (or store) XSS vulnerability. The vulnerability must interact with other users on the website.
In fact, it is not necessary to implement XSS Worm "persistent (or store) type". In fact, most of the spread of XSS Worm depends on some features of the original program. For non-"persistent (or store) type ", we can implement worm in combination with csrf/social engineering.
Method 1: For the get type xss, we can write the code on the 3rd-party server, and then send a url to a friend or link blog through comments. [This may not require xss, but crsf. The specific function is required.]
Method 2: Do you still remember the worm before phpbb? Can xss worm be used by search engines? Note that you cannot directly use XHR in your js to search for it like google [XHR cannot be cross-origin]
Do you have other ideas?
Ps: The above is all a waste of ideas and has not been put into practice.
[1]: http://pstgroup.blogspot.com/2007/12/tipsxss-worm-defense.html