Part 2 - What is XSS

Video Activity

This lesson offers some examples of well-known XSS attacks, which include:

1. MySpace: This occurred in 2005 and involved the SAMY worm
2. Facebook: This occurred in 2011 and used a code to distribute malware
3. Yahoo: This occurred in 2013 and involved cookie theft


Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5

Video Transcription
>> Some attack examples. You might be asking yourself, well, how much is actually being used in the real world, whether there's some attack examples.

In 2005, the Samy worm took advantage of a cross-site scripting vulnerability, which caused people who viewed affected pages to send a friend request to Samy Kamkar and then display a message which said, "but most of all, Samy is my hero". This resulted in Samy Kamkar gaining over one million friends overnight and caused MySpace to temporarily shut down in order to fix the vulnerability. The MySpace vulnerability showed just how quickly the cross-site scripting vulnerability can hit and how quickly it could spread and just what impact it can have, because every individual who viewed a person's page who had been affected by this themselves became affected by it.

In 2011, there was an attack on Facebook. This attack took advantage of a cross-site scripting vulnerability to spread malware via a malicious link. Here we can see the malicious link itself and just how detailed it was in order to deliver the content. This is another dangerous example because of how quickly it was spread and how wide it was able to be spread. Social media platforms are really dangerous to have these vulnerabilities and because of how quickly attacks can spread and how wide of a net it can cast because of the nature of how social media is with the sharing.

Then in 2013, there was a Yahoo cross-site scripting vulnerability and there was a spam message with a short link to an apparently harmless session of MSNBC that led to account hijacking via cookie theft. I showed you an example of the cookie length before, so it was a spam message like that which allowed individuals to steal the cookies of Yahoo users.

We will be going more in depth into cross-site scripting, you will get time to practice some attacks, see their effects, and check out some really cool tools to find them and validate the exploits and see how far you can take the exploit in the test environment that you will be performing this test in.

What was covered? We discussed what cross-site scripting is. It talks about the attack types. We also showed you some attack examples with the three different scripts that I had shown. We discussed why it's dangerous and we also discussed the examples of real-world attacks.

>> Happy hacking out there everyone.