Re: First cross-domain XSS worm (not)

[Valdis.Kletnieks () vt edu]

On Mon, 16 Jul 2007 16:51:22 BST, Berend-Jan Wever said:

> without XMLHTTPRequest. I've been told that people saw XSS worms as early as
> 2000, but I have found no evidence to support this: let me know if you know
> something.

It's quite possible that they were out there, but nobody noticed them because
nobody was *looking* for them.  At most sites, if it doesn't trip the IDS,
it literally never happened.  If your intrusion detection system only has
templates for mammals, a hell of a lot of alligators can wander through and
you'll never see one....

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/