<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden">
Stay updated on the latest news from
the makers of Nexus
Tumblr Worm Proliferated Due To XSS Flaw
by Ali Loney on December 04, 2012

Tags: News, security, AppSec Spotlight

Help Net Security – (International) Tumblr worm proliferated due to XSS flaw. A December 3 worm rampage that left many a Tumblr site “defaced” with a message by Internet troll group GNAA was the result of improper input sanitation. “It appears that the worm took advantage of Tumblr’s reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages,” explained a Sophos researcher. Those who were not logged in would be redirected to the standard login page. Once logged in, the offending post would the continued to do its activity and reblog the post on their Tumblr. “It shouldn’t have been possible for someone to post such malicious JavaScript into a Tumblr post - our assumption is that the attackers managed to skirt around Tumblr’s defences by disguising their code through Base 64 encoding and embedding it in a data URI,” concluded the researcher. Tumblr disabled posting for a couple of hours and proceeded to clear the affected accounts. According to a Twitter post by the company, the issue was resolved.

Source: http://www.net-security.org/secworld.php?id=14060

Posts by Topic

see all

Get Blog Updates