Rackspace Cloud: From XSS to Root

This video is a follow-on to the previous Rackspace cloud video on stealing Rackspace API keys using XSS.

In the Rackspace cloud, when you launch a new server instance, the root (administrator) password and the IP address of the new system are emailed to the account holder. In most cases the account holder logs in promptly and changes the password, so the exposure is relatively small, though emailing a root credential in the clear is not the best design decision in my opinion. It matters here because it can be abused when combined with the cross-site scripting vulnerabilities demonstrated previously: anyone who can act as the account holder also gets the root password of every instance the account launches.
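To make the design point concrete, here is an added example that is not code from the post or from Rackspace. It models the provisioning flow the post describes (a freshly minted root password mailed alongside the IP) and, as a contrast that is my addition rather than anything the post proposes, a key-based flow in which no secret is ever transmitted. The `Instance` class, the function names, the email wording, and the `credential_in_email` check are all hypothetical; the IP addresses and the SSH key string are constructed sample data.

```python
import re
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Instance:
    """Minimal, hypothetical model of a freshly launched cloud server."""
    ip: str
    root_password: Optional[str] = None          # None: password login disabled
    authorized_keys: List[str] = field(default_factory=list)

    def root_login(self, password: Optional[str] = None,
                   ssh_key: Optional[str] = None) -> bool:
        """Accept a root login if the password or key matches what the instance holds."""
        if password is not None and self.root_password is not None:
            return secrets.compare_digest(password, self.root_password)
        if ssh_key is not None:
            return ssh_key in self.authorized_keys
        return False


def provision_emailing_password(ip: str) -> Tuple[Instance, str]:
    """The design the post describes: mint a root password and mail it with the IP."""
    password = secrets.token_urlsafe(12)
    instance = Instance(ip=ip, root_password=password)
    email = f"Your server {ip} is ready. root password: {password}"   # constructed wording
    return instance, email


def provision_with_ssh_key(ip: str, pubkey: str) -> Tuple[Instance, str]:
    """Contrast (my addition): the caller supplies a public key, so the mail carries no secret."""
    instance = Instance(ip=ip, root_password=None, authorized_keys=[pubkey])
    email = f"Your server {ip} is ready. Log in as root with your SSH key."
    return instance, email


# Hypothetical check: what an attacker reading the victim's mailbox would look for.
CREDENTIAL_PATTERN = re.compile(r"password:\s*(\S+)", re.IGNORECASE)


def credential_in_email(email: str) -> Optional[str]:
    """Return the credential found in a launch notification, or None if it carries none."""
    m = CREDENTIAL_PATTERN.search(email)
    return m.group(1) if m else None


def rotate_root_password(instance: Instance) -> str:
    """What the account holder does 'quickly' after launch; this closes the window."""
    new_password = secrets.token_urlsafe(12)
    instance.root_password = new_password
    return new_password


if __name__ == "__main__":
    inst, mail = provision_emailing_password("203.0.113.10")
    leaked = credential_in_email(mail)
    print("mailed password grants root:", inst.root_login(password=leaked))
    rotate_root_password(inst)
    print("still works after owner rotates:", inst.root_login(password=leaked))
    inst2, mail2 = provision_with_ssh_key("203.0.113.11", "ssh-ed25519 AAAAC3example")
    print("credential in key-based mail:", credential_in_email(mail2))
```

The window the post calls "relatively small" is the time between `provision_emailing_password` and `rotate_root_password`; anyone who can read the notification during that window, including an attacker acting as the account holder, logs in as root. With the key-based flow the notification contains nothing worth stealing.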

The demonstration in the video shows just how far a Rackspace cloud user with a valid session who clicks on a malicious link can be taken for a ride: their account is hijacked, server instances are launched, and the attacker has complete control over those instances. If that wasn't bad enough, the bill goes to the victim.
