Monday, October 24, 2005

"Samy" explained

Here's a detailed examination of the MySpace Samy/JS.Spacehero worm, a JavaScript hack that enabled one MySpace user to automatically add himself to the "friends" lists of thousands of MySpace members and add the line "Samy is my hero" to their profiles.

Looks like the perp found a way to execute JavaScript by stuffing a "javascript:" pseudo-protocol URL inside a CSS background:url(...) rule, then used XMLHTTP to issue a series of POST requests. Much of the code looks pretty IE-specific in this case.
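One check a defender might build against the vector described above, as an added example (not code from the original post or from MySpace): a scheme allow-list for CSS url() arguments that decodes CSS escapes and strips stray whitespace before comparing, so the scheme name cannot be disguised. The example.invalid host and the sample declarations are constructed.

```javascript
// Added example (not from the original post): a defender-side check for the
// vector described above, a "javascript:" URL smuggled into a CSS
// background:url(...) rule. Sample inputs are constructed, not MySpace's.

// Decode CSS escapes (\6A -> 'j', \: -> ':') so an encoded scheme name
// cannot slip past the allow-list comparison below.
function decodeCssEscapes(s) {
  return s.replace(/\\([0-9a-fA-F]{1,6})\s?|\\(.)/g, (_m, hex, ch) =>
    hex ? String.fromCodePoint(parseInt(hex, 16)) : ch);
}

// Normalize a url() argument: decode escapes, drop whitespace and control
// characters that browsers tolerated inside the scheme token, lower-case.
function normalizeUrlArg(raw) {
  return decodeCssEscapes(raw).replace(/[\s\u0000-\u001f]+/g, "").toLowerCase();
}

const ALLOWED_SCHEMES = new Set(["http", "https"]);

// Return every url(...) argument whose scheme is not allow-listed.
// Scheme-less (relative) URLs pass; any other scheme is reported.
function findDangerousUrls(style) {
  const bad = [];
  const urlRe = /url\s*\(\s*(?:"([^"]*)"|'([^']*)'|([^)]*?))\s*\)/gi;
  let m;
  while ((m = urlRe.exec(style)) !== null) {
    const raw = m[1] ?? m[2] ?? m[3];
    const scheme = /^([a-z][a-z0-9+.-]*):/.exec(normalizeUrlArg(raw));
    if (scheme && !ALLOWED_SCHEMES.has(scheme[1])) {
      bad.push({ raw, scheme: scheme[1] });
    }
  }
  return bad;
}
function isStyleSafe(style) {
  return findDangerousUrls(style).length === 0;
}

// Constructed vectors: a benign rule plus three spellings of the same
// pseudo-protocol URL, two of which a plain substring match would miss.
const SAMPLES = {
  benign:  "background:url(http://example.invalid/bg.gif)",
  plain:   "background:url('javascript:void(0)')",
  escaped: "background:url('\\6A avascript:void(0)')",  // hex-escaped 'j'
  split:   "background:url('java\nscript:void(0)')",    // newline in scheme
};
for (const [name, style] of Object.entries(SAMPLES)) {
  console.log(name, isStyleSafe(style) ? "safe" : "blocked");
}
```

Regex tokenizing of user CSS is a stopgap; the durable fix is to refuse user-supplied style attributes or run them through a real CSS parser with a property allow-list.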

Mmmm, Ajax badness.
