Tumblr Cross Site Scripting Vulnerability Discovered, Can Be Used to Spread Worms

bill-swift - June 13, 2012

When hackers discover website vulnerabilities, they take advantage of them to spread viruses and malware to an unsuspecting audience. When some pretty good people discover them, they take the time to inform the website's administrators so they can correct or patch them before the former group has a chance to exploit the vulnerabilities.

Two security researchers, Aditya Gupta (@adi1391) and Subho Halder (@sunnyrockzzs), belong to the latter group. They came across a cross-site scripting (XSS) vulnerability on the social networking and blogging site Tumblr, which could be used to steal the cookies of authenticated users and exploited to create and spread worms and viruses.

We have also tried to contact them via Twitter and mail earlier, but no response from their side. So we have decided to release it. Well, not exactly, where the vulnerability is, but just to let them know that it is vulnerable.

-- Aditya Gupta and Subho Halder

Tumblr had better get back to them fast and act on this matter before it gets out of hand. This is another instance where the popular site has been targeted by cyber criminals, with the previous one being the phishing scam where old login pages of the site were used to steal users' passwords.
