One of World’s Largest Websites Hacked

Venustus

Cloud-based security service provider Incapsula detected a unique application-layer DDoS attack, carried out using traffic-hijacking techniques. The DDoS attack flooded one of their clients with over 20 million GET requests, originating from the browsers of over 22,000 Internet users.

What makes this case especially interesting is the fact that the attack was enabled by a persistent XSS vulnerability in one of the world’s largest and most popular sites, one of the domains on Alexa’s “Top 50” list.

XSS vulnerability to Large-Scale DDoS Attack
Incapsula has not disclosed the name of the vulnerable website for security reasons, but described it as a high-profile video content provider that allows its users to sign up and sign in with their own profiles.

The DDoS attack was enabled by a persistent XSS (cross-site scripting) vulnerability that allowed the attacker to inject malicious JavaScript code into the tag associated with the profile image.

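As an added illustration (not code from the article, from Incapsula, or from the affected site), here is the flaw class described above rendered in Python: a profile-image tag built by string concatenation beside a hardened version that allowlists the URL and attribute-encodes it. The sample inputs and the /static/default.png placeholder are constructed assumptions.

```python
import html
from urllib.parse import urlsplit

# Constructed sample inputs (not from the article): a benign avatar URL and a
# hostile value that tries to close the src attribute and add an event handler.
BENIGN_URL = "https://cdn.example.com/avatars/u42.png"
HOSTILE_VALUE = 'x" onerror="alert(1)'
DEFAULT_AVATAR = "/static/default.png"   # assumed placeholder image path


def render_avatar_vulnerable(stored_value: str) -> str:
    """Concatenates the stored profile value straight into the <img> tag.
    This is the flaw class the post describes: whatever was saved to the
    profile is served to every visitor who views it, so an attribute breakout
    becomes persistent XSS."""
    return f'<img src="{stored_value}" alt="avatar">'


def safe_image_url(stored_value: str) -> str:
    """Allowlist the value as an absolute http(s) URL with a host, and reject
    quotes, angle brackets and control characters; otherwise fall back to the
    default avatar so the page never emits attacker-controlled markup."""
    if any(ord(c) < 0x20 or c in '"\'<>' for c in stored_value):
        return DEFAULT_AVATAR
    try:
        parts = urlsplit(stored_value)
    except ValueError:            # e.g. malformed IPv6 bracket syntax
        return DEFAULT_AVATAR
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return DEFAULT_AVATAR
    return stored_value


def render_avatar_hardened(stored_value: str) -> str:
    """Validate first, then attribute-encode (quote=True escapes both quote
    characters), so the output can only ever be a single src attribute."""
    safe = html.escape(safe_image_url(stored_value), quote=True)
    return f'<img src="{safe}" alt="avatar">'


if __name__ == "__main__":
    print(render_avatar_vulnerable(HOSTILE_VALUE))  # attribute breakout succeeds
    print(render_avatar_hardened(HOSTILE_VALUE))    # falls back to default avatar
    print(render_avatar_hardened(BENIGN_URL))
```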

Ink

The "video site" should be patched now. Things could get interesting now.

Researchers also mentioned that the attackers behind the recent DDoS attack have upgraded their DDoS tool to a much more robust version. “This leads us to believe that what we saw yesterday was a sort of POC test run.” Incapsula quickly reached out to the vulnerable video website’s support team to patch the flaw.
 

Venustus

The "video site" should be patched now. Things could get interesting now.

Researchers also mentioned that the attackers behind the recent DDoS attack have upgraded their DDoS tool to a much more robust version. “This leads us to believe that what we saw yesterday was a sort of POC test run.” Incapsula quickly reached out to the vulnerable video website’s support team to patch the flaw.
Huracan, could you please elaborate on which website was involved!?

Deleted member 178

Only 2 video websites, and one of them is a porn one... so guess who the other is :D

Are you watching Mycylinder? :p