Submission: XSS Flaw in Popular Video-Sharing Site Enabled DDoS Attack (itworld.com)
itwbennett writes: Attackers exploited a vulnerability in a popular video-sharing site to hijack 22,000 browsers and launch a large-scale DDoS attack, according to researchers from Web security firm Incapsula. The attack happened Wednesday and was the result of a persistent cross-site scripting (XSS) vulnerability. The XSS flaw allowed attackers to create a new account with rogue JavaScript code injected into the img tag corresponding to its profile picture. 'As a result, every time the image was used on one of the site's pages (e.g., in the comment section), the malicious code was also embedded inside, waiting to be executed by every future visitor to that page,' the Incapsula researchers said Thursday in a blog post.
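How a stored profile-picture value can end up as markup inside an img tag, next to a renderer that prevents it, as an added example that is not from the submission or from Incapsula's post. The page does not say how the code got into the tag; the attribute breakout, the host `cdn.video-site.example`, the function names and the sample value are assumptions constructed for illustration.

```javascript
// Added example. Host, names and sample value are constructed assumptions.
const ALLOWED_AVATAR_HOSTS = new Set(["cdn.video-site.example"]); // hypothetical

// Constructed stored value: a quote ends src, the rest would become an attribute.
const CONSTRUCTED_AVATAR =
  'https://cdn.video-site.example/u/42.png" onload="/* constructed marker */';

// Naive rendering: the stored value is concatenated into the tag unchanged,
// so it is emitted on every page that shows this user's picture.
function renderAvatarNaive(storedValue) {
  return '<img class="avatar" src="' + storedValue + '">';
}

// Escape every character that can end an attribute value or open a tag.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`=]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Hardened rendering: accept only an https URL on an allow-listed host,
// re-serialise it, then escape it for the attribute context.
function renderAvatarSafe(storedValue, fallback = "/static/default-avatar.png") {
  let src = fallback;
  try {
    const url = new URL(String(storedValue));
    if (url.protocol === "https:" && ALLOWED_AVATAR_HOSTS.has(url.hostname)) {
      src = url.href; // normalised form: quotes and spaces are percent-encoded
    }
  } catch (_) {
    // Not an absolute URL: keep the fallback image.
  }
  return `<img class="avatar" src="${escapeAttr(src)}" alt="">`;
}

// Audit helper for existing rows: flag values that would alter the markup
// if rendered naively, or that are not plain https URLs.
function findSuspectAvatars(rows) {
  return rows
    .filter((r) => /["'<>`\s]/.test(r.avatar) || !/^https:\/\//i.test(r.avatar))
    .map((r) => r.user);
}
```

Validation at write time and escaping at render time are both applied here because a persistent value is rendered to every later visitor, so a miss at either layer alone is served repeatedly.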