Recently, hackers attacked Facebook by injecting porn images and videos into users' accounts. Facebook said it was a Self-XSS attack.
Self-XSS is a form of cross-site scripting (XSS), a computer security vulnerability in web applications in which client-side script (JavaScript, VBScript, etc.) is injected into web pages viewed by other users; in the Self-XSS variant the victim is tricked into running the script in their own browser.
The examples below give an overall idea of how a client-side script can be injected.
For example, enter the following into the browser's address bar:
javascript:alert('I am XSS');
This will show a pop-up with "I am XSS".
In the same way, an attacker can inject malicious code into the browser to steal confidential data or cookies, redirect to other sites, and so on.
To display all the cookies the page can read from script, execute the code below in the browser:
javascript:alert("Cookies:"+document.cookie+" "+"\n I am XSS");
The code above does nothing other than display data, but an attacker could inject far more powerful malicious code to destroy the user's information.
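The cookie payload above only works for cookies that script is allowed to read. As an added example (not code from the original post), the following audits a set of Set-Cookie headers and reports which cookies lack the HttpOnly flag, and so would be exposed to document.cookie by a pasted Self-XSS payload; the header values are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for cookies that page script
// (including a Self-XSS payload pasted into the address bar) can read.
// Constructed sample headers; the names and values are made up.
const SAMPLE_SET_COOKIE_HEADERS = [
  "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "user_pref=dark; Path=/",
  "csrf_token=xyz789; Path=/; Secure",
];

// Parse one Set-Cookie header into its cookie name and the attributes we care about.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim());
  const [name] = parts[0].split("=");
  const attrs = {};
  for (const part of parts.slice(1)) {
    const [key, value] = part.split("=");
    // Flag attributes (Secure, HttpOnly) have no value; record them as true.
    attrs[key.toLowerCase()] = value === undefined ? true : value;
  }
  return {
    name,
    httpOnly: attrs.httponly === true,
    secure: attrs.secure === true,
    sameSite: typeof attrs.samesite === "string" ? attrs.samesite : "none (unset)",
  };
}

// Summarise which cookies document.cookie can read (no HttpOnly) and which
// may be sent over plain HTTP (no Secure).
function auditSetCookie(headers) {
  const cookies = headers.map(parseSetCookie);
  return {
    cookies,
    scriptReadable: cookies.filter((c) => !c.httpOnly).map((c) => c.name),
    insecure: cookies.filter((c) => !c.secure).map((c) => c.name),
  };
}

const report = auditSetCookie(SAMPLE_SET_COOKIE_HEADERS);
console.log("Readable via document.cookie:", report.scriptReadable);
console.log("Missing Secure flag:", report.insecure);
```

Marking the session cookie HttpOnly keeps it out of document.cookie, so a pasted alert like the one above (or a script that sends the value elsewhere) cannot reach it.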
Download PDF:
1) A Study of Malicious Attacks on Facebook
2) http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Hoffman.pdf
3) Cross-Site Scripting XSS
4) http://sun.cs.ucdavis.edu/papers/esorics09_xssworm.pdf