XSS Worms (ATTN :: HBH zine)
I'm writing an article on them. Expect it out by january. This one will be a lot more detailed and helpful than any other one out there. If there is anything you want to know about them that I could cover in an article, post here.
Oh, and HBH zine guys, I'm writing more of a white paper, but if you want an article on them and how they work, then send me a PM.
The thing is, It doesn't stop at XSS. At XSS worm propagates (hence the worm part)… it's actually incredibly useful as a DDOS attack: I've used it for that purpose more than once. It can also be used to deface pretty much any page that has dynamic content on the site. You could also use it to bog down a database, or for SQL injection attacks. Name a front end or backend target and XSS worms can take care of it, with a talented and patient programmer. It's not about how "OMG I FOUND AN XSS IN PHPBB", it's about applying that information in intelligent ways. Writing an XSS worm takes just as much skill as writing any other worm.
I agree… If you really want to you could have a frame in a page and have the frame contain that page, so in theory it should reload the page an infinite amount of times…
Also, this isn't XSS but if a page has an include thing (AKA 'page=index'), try and include the page itself to cause an infinite loop… That way it slows down the website at least as much as your internet… I've only done the second one (by accident, I type ?page=index instead of ?page=main
well if you want it in published in the 4 issue of Zine you'll have to wait till March to see it out.
also if you want it publshed in Zine it can't be published anywhere else( ie: your own site, forums, other places on the internet) if you submit it to Zine it becomes our article until the issue is released and then you may have post the article where ever you want.
ill write up the whole ToS for HBH Zine Articles later.