Over the past months, a vulnerability has been reported in the popular social network MySpace that allows an XSS (Cross-Site Scripting) attack to be used to spread malware or commit other malicious acts, such as the theft of profiles.
XSS is a type of scripting attack that exploits vulnerabilities in application code that interprets HTML. Although MySpace added some layers of protection against such attacks, such as blocking the script tag, the flaw allows that blocking to be bypassed, so an attacker could insert and execute a malicious script as follows:
The problem was reported by its discoverer, Daniel Lo Nigro, on January 19 of this year. He published an example of the "script insertion" and did not get any response from MySpace.
It is not the first time, and surely not the last, that MySpace has suffered from insecurity through scripting attacks. What makes the matter serious is that it leaves the information, profiles and security of its users completely exposed.
# Jorge Mieres