I posted an email from unsticky talking about the vulnerabilities in myyearbook.com and how that can enable Warhol worms: http://ha.ckers.org/blog/20060823/warhol-worm-becomes-spam-gateway/

It's interesting to see how a small portion of the attack is actually the part that is the most devistating. It's not the XSS, but the CSRF that is the real problem here. XSS simply enables the attack.

- RSnake
Gotta love it. http://ha.ckers.org

Yes CRSF are very useful =)
But when you found an XSS how do you want to protect about flood / spam.
I mean for example in gmail, there is a request to send a mail to s.o but you can't send a request outside because there's a special number - "a token". But with the xss you don't need anymore this token cause you are logged and you use it. So thanks to the xss you can send email, that's a csrf (the request to send mail).
But how do you want to protect from that ? Inplant captchas every time you send an email ?
Very interresting stuff : )



Edited 1 time(s). Last edit at 08/27/2006 06:53AM by Girzi.

CAPTCHAs, yes, but really any user supplied input that is known by the server and the user only (not something programmatically guessable) will work. Asking for their password again is one common method.

- RSnake
Gotta love it. http://ha.ckers.org