Exploits are as easy as embedding malicious JavaScript in registration forms.
Category: cross-site scripting
Visitors’ browsers hail command-and-control server even after attack is shut down.
XSS vulnerability allows attackers to take full control of unpatched sites.
Exploit code lets unauthorized attackers gain administrative control.