CSRF with XSS can be used to DDOS a site, injecting the <img src=''http://victim''/> HTML snippet to a large number of public websites. Want increase the number of connections per user ? multiply the number of injection per page. Want to increase the CPU processing of the target ? Target the search application using several keywords separated AND operators. Want to suck up a lof more bandwidth ? Try URLs that are 2K or so in size...
2008-04-30
