Massive href hacks MySpace

<a href="badplace.com" style="position: absolute; top:0; left: 0; height: 8000px; width:1000px"></a>

The above piece of HTML, inserted into several MySpace pages, allows the download and installation of malware on unsuspecting users' machines. Because the anchor is so large, a visitor who mis-clicks any link will be redirected to the infected site. The user might not be suspicious on a media-rich site such as MySpace, thinking that they need to install a codec to view a video, etc.

For developers like myself, this introduces a problem. The rule is never to trust any user-provided content and to remove scripts, iframes, etc. With this exploit, we will need to validate all external links too.
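One way to do that link validation on the server, as an added example that is not code from this post or from MySpace: rebuild user markup from an allowlist so the `style` attribute that creates the page-sized anchor is never copied, and keep an `<a>` only when its `href` passes a check. The names `ALLOWED_HOSTS`, `ALLOWED_TAGS`, `safe_href`, `ProfileSanitizer` and `sanitize` are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"example.org"}      # assumption: external hosts users may link to
ALLOWED_TAGS = {"a", "b", "i", "p"}  # assumption: tags permitted in profile markup
# Overlay anchor from the post (straight quotes; the link text "x" is constructed)
OVERLAY = '<a href="badplace.com" style="position: absolute; top:0; left: 0; height: 8000px; width:1000px">x</a>'

def safe_href(href):
    """Return href if it is a site-relative path or http(s) to an allowed host."""
    href = (href or "").strip()
    if not href or "\\" in href or any(ord(c) < 0x20 for c in href):
        return None                  # browsers rewrite these characters; refuse them
    try:
        parts = urlsplit(href)
    except ValueError:
        return None
    if not parts.scheme and not parts.netloc:
        # "/path" stays on this site; "//host" and "///host" can leave it
        return href if href.startswith("/") and not href.startswith("//") else None
    ok = parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS
    return href if ok else None

class ProfileSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags = [], []

    def handle_starttag(self, tag, attrs):
        href = safe_href(dict(attrs).get("href")) if tag == "a" else None
        if tag not in ALLOWED_TAGS or (tag == "a" and href is None):
            return                   # unknown tag or rejected link: only its text survives
        attr = f' href="{escape(href)}" rel="nofollow noopener"' if href else ""
        self.out.append(f"<{tag}{attr}>")  # style and all other attributes are dropped
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        closed = None if tag in self.open_tags else tag
        while closed != tag:         # close inner tags first so output stays well-formed
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")

    def handle_data(self, data):
        self.out.append(escape(data))

def sanitize(markup):
    p = ProfileSanitizer()
    p.feed(markup)
    p.close()
    return "".join(p.out + [f"</{t}>" for t in reversed(p.open_tags)])
```

Calling `sanitize(OVERLAY)` leaves only the text `x`: the anchor is dropped because its target fails the check, and an allowed link would still lose the positioning style.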
