so some attack examples. So you might be asking yourself,
Well, has this you know how much is actually being used in a real world where there's some attack examples? In 2005 the Sami worm took advantage of a cross, a scripting vulnerability which caused people who viewed affected pages to send a friend request to Sami Cam car
and then displaying message, which said,
But most of all, Sami is my hero.
Uh, this resulted in seeing me cam car gaining over one million friends overnight
and caused my space to temporarily shut down what I fixed the vulnerability. So the MySpace vulnerability show just how quickly the cross I scripting
can hit and how quickly it could spread
and just what kind of impact it can. Because every individual who
viewed a person's page
who had been affected by this then themselves became effective by it.
2011. There was an attack on Facebook on this attack took advantage of across the scripting vulnerability to spread malware via a malicious link. Here we can see the malicious link itself and just how detailed it was in order
to deliver the content.
another dangerous example because of how quickly it was spread on how wide it was able to be spread. So
social media platforms are really, really dangerous to have these kind of vulnerabilities in
because of how quickly attacks conspire ed and how wide of the Net can cast because of the nature of how social media is with the sharing.
Then, in 2013 there was a Yahoo
across the scripting vulnerability, and there was a spam message with a short link
to an apparently harmless session of MSNBC.
Now lead to account hijacking via cookie theft. So I showed you an example of the cookie link before. So it was a spam message like that,
which allowed individuals to steal the cookies of Yahoo users. We will be going more in depth and across the scripting. You will get time to practice some attacks,
see their effects and check out some really cool tools to find them and, uh, validate the exploits and see how far you can take the exploit in the test environment that you will be performing this test in. So what was covered?
We discussed across the scripting as we talked about the attack types. We also show juice on my tak examples with the three different
scripts that I'd showed. We discussed why it's dangerous and we also discussed the examples of real world attacks. Happy hacking out there, everyone.