XSS worm strikes GaiaOnline
GaiaOnline is a highly popular web based game, a perfect target for an XSS worm.
Normally when you consider an XSS worm, such as the infamous Samy worm, or lesser known IPB ones the one thing they have in common is how they spread. They abuse a filter flaw to store itself in some permanent storage system such as the users profile or the users sugnature. This worm differs in that it uses only reflective XSS holes.
At the SecuriTeam blog.
[ Read more ]