Persistent XSS in Top Website enables large DDoS

Incapsula discovered the exploitation of a persistent XSS vulnerability in one of the world's most popular websites to run a large-scale DDoS attack.

Cloud-based security service provider Incapsula recently detected an application-layer DDoS attack that hijacked a huge volume of traffic and directed it at a victim's website. The website of an Incapsula customer was flooded with over 20 million GET requests from the browsers of over 22,000 machines. The attack exploited a persistent XSS vulnerability in one of the world's largest and most popular high-profile video content providers. According to Incapsula, the attackers are using an Ajax-script-based DDoS tool that uses the victim's browser to issue DDoS requests at a rate of one request per second.
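On the targeted site, the traffic pattern described above (many distinct browsers, each sending GET requests at a fixed one-per-second cadence) can be picked out of access logs by looking at per-client inter-arrival times. The following is an added example, not Incapsula's detection logic or code from the original article; the `(ip, unix_time, path)` event shape, the thresholds, the function names and the sample addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def steady_clients(events, period=1.0, tolerance=0.2, min_requests=20):
    """Map each path to the client IPs that request it at a near-constant cadence.

    events: iterable of (ip, unix_time, path) tuples taken from GET requests.
    """
    times = defaultdict(list)
    for ip, ts, path in events:
        times[(ip, path)].append(ts)
    flagged = defaultdict(set)
    for (ip, path), stamps in times.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        near = sum(1 for g in gaps if abs(g - period) <= tolerance)
        # A timer-driven script yields gaps clustered around the period;
        # human page loads are bursty, so their median gap is far from it.
        if abs(median(gaps) - period) <= tolerance and near / len(gaps) >= 0.9:
            flagged[path].add(ip)
    return dict(flagged)

def flood_targets(events, min_clients=3, **kwargs):
    """Paths hit by at least min_clients distinct steady-cadence clients."""
    steady = steady_clients(events, **kwargs)
    return {path: ips for path, ips in steady.items() if len(ips) >= min_clients}

def sample_events():
    """Constructed sample: four scripted browsers plus one bursty human visitor."""
    events = []
    for n in range(4):
        ip = f"198.51.100.{n + 1}"
        for i in range(30):
            # one request per second with a little jitter
            events.append((ip, 1000.0 + n * 0.3 + i + (i % 3) * 0.05, "/"))
    for burst in range(4):
        for k in range(6):
            # six quick asset loads, then a 20 second pause
            events.append(("203.0.113.7", 1000.0 + burst * 20 + k * 0.1, "/"))
    return events

if __name__ == "__main__":
    for path, ips in flood_targets(sample_events()).items():
        print(path, sorted(ips))
```

Clients flagged this way are candidates for rate limiting or a browser challenge; the thresholds need tuning against normal traffic for the site in question.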