XSS flaw in popular video-sharing site allowed DDoS attack through browsers
Attackers exploited the vulnerability to hijack 22,000 browsers and launch a large-scale DDoS attack, researchers from Incapsula said.
Attackers exploited a vulnerability in a popular video-sharing site to hijack users' browsers for use in a large-scale distributed denial-of-service attack, according to researchers from Web security firm Incapsula.
The attack happened Wednesday and was the result of a persistent cross-site scripting (XSS) vulnerability in a website that Incapsula declined to name, but said is among the top 50 websites in the world by traffic based on statistics from Amazon-owned firm Alexa.
XSS flaws are the result of improper filtering of user input and can allow attackers to inject unauthorized script code into Web pages. If the code is stored permanently by the server and delivered to all users who view the affected page, the attack is considered persistent.
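The persistent case described above can be shown in a few lines. This is an added example, not code from the affected site or from Incapsula: the in-memory store, the function names and the sample comment are all constructed for illustration. It renders the same stored input twice, once unfiltered and once with output encoding.

```javascript
// Constructed stand-in for the server's permanently stored user content.
const store = [];

// Persist a user-supplied value exactly as received.
function saveComment(author, text) {
  store.push({ author, text });
}

// Encode the characters that are significant in HTML text and attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: stored fields are concatenated into the page unmodified.
function renderPageUnsafe() {
  return store.map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`).join('\n');
}

// Hardened: every stored field is encoded at output time.
function renderPageSafe() {
  return store
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join('\n');
}

// Number of script elements a browser would find in the delivered markup.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Every viewer receives the same stored page, so one injection reaches all of them.
function exposedViewers(viewers, render) {
  return viewers.filter(() => countScriptTags(render()) > 0).length;
}

// Constructed sample input: one ordinary comment, one containing markup.
saveComment('alice', 'Great video!');
saveComment('mallory', '<script src="https://attacker.example/x.js"></script>');

const viewers = ['viewer-1', 'viewer-2', 'viewer-3'];
console.log('unsafe render exposes', exposedViewers(viewers, renderPageUnsafe), 'of', viewers.length);
console.log('safe render exposes', exposedViewers(viewers, renderPageSafe), 'of', viewers.length);
console.log(renderPageSafe());
```

Encoding happens when the page is built rather than when the comment is saved, so content already sitting in the store is neutralized as well.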