Author Topic: XSS attack from LiveLeak  (Read 1170 times)

davidnix71

  • Member
  • **
  • Posts: 760
  • Kudos: 501
XSS attack from LiveLeak
« on: 20 January 2009, 00:58 »
Sunday when I visited LiveLeak, NoScript pitched a fit. Instead of giving me the usual warnings at the bottom, I got a bunch of XSS warnings at the top. I read the console log and it looks like porn spammers from Holland hacked the site. The ads were in Dutch, but they had logged my IP correctly so the city was Fort Lauderdale. They looked like AdultFriendFinder ads.

The phrase in the ad header was "Maak contact met opwindende vrouwen" in Fort Lauderdale. If you Google that phrase, you get sponsored Google ads on the right for Russian women, milfs and cheating wives. The sites listed in the search results have vulgar words in their names.

As of today, LiveLeak is back to normal. Our main Mac IT guy at work said someone is practicing for a larger attack. I tried adding extra filters to NoScript, and reloading the page, but the page scripts kept changing the top domain and I couldn't block it completely.


Lead Head

  • Global Moderator
  • Member
  • ***
  • Posts: 1,508
  • Kudos: 534
Re: XSS attack from LiveLeak
« Reply #1 on: 20 January 2009, 18:30 »
Crazy how vulnerable some websites are. If they practiced on a video site like liveleak, perhaps they are going to go after youtube?
sig.

SiMuLaCrUm

  • Member
  • **
  • Posts: 817
  • Kudos: 143
  • OMGWTFBBQ
Re: XSS attack from LiveLeak
« Reply #2 on: 21 January 2009, 16:02 »
YouTube is too big and probably has more security. They would be able to stop them quickly or clean up the problems quickly.
Proudly posted on a computer

Lead Head

  • Global Moderator
  • Member
  • ***
  • Posts: 1,508
  • Kudos: 534
Re: XSS attack from LiveLeak
« Reply #3 on: 22 January 2009, 05:30 »
Never really thought about that. Forgot they were owned by google. I don't think google has ever been successfully hacked either?
sig.

SiMuLaCrUm

  • Member
  • **
  • Posts: 817
  • Kudos: 143
  • OMGWTFBBQ
Re: XSS attack from LiveLeak
« Reply #4 on: 25 January 2009, 00:55 »
I don't think so...
Proudly posted on a computer