This is cache of http://ha.ckers.org/blog/20080104/diminutive-xss-worm-replication-contest/. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
Diminutive XSS Worm Replication Contest
2008-01-04 16:28:08 by RSnake in ha.ckers.org web application security lab
 

For those of you who are familiar with the RSA diminutive munitions project from ages ago, back when it was illegal to export certain crypto systems, and the diminutive PERL contests I’ve enacted a similar contest to write a diminutive self replicating XSS worm (with a non-dangerous payload).

The diminutive XSS worm replication contest is a week long contest to get some good samples of the smallest amount of code necessary for XSS worm propagation. I’m not interested in payloads for this contest, but rather, the actual methods of propagation themselves. We’ve seen the live worm code and all of it is muddied by obfuscation, individual site issues, and the payload itself. I’d rather think cleanly about the most efficient method for propagation where every character matters.

digi7al64 has already posted a sample piece of code, setting the baseline. His code is an impressively small 292 characters. There’s no prize here, however, I will definitely be talking about the winner’s code. The winner will be announced on the 10th after all submissions are in and posted. Visit the thread for more details. This should be interesting for anyone looking at worm propagation issues!

 
Tags: xss worm, propagation, worm propagation issues, code, diminutive, live worm code, xss worm propagation, winners code, diminutive perl contests
 
 
 
 
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia