Orkut XSS Worm

Published: 2007-12-19
Last Updated: 2007-12-19 17:57:39 UTC
by Tom Liston (Version: 1)
1 comment(s)

A vulnerability in the social networking site Orkut that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected approximately 400,000 Orkut users.  The malicious code is apparently fetched from the site "http://files.myopera.com" and is called, conveniently enough, "virus.js."

1 comment(s)


virus.js file and the user serving the file are now banned from files.myopera.com / My Opera Community.

Diary Archives