Mailing List Archive: Full Disclosure: Full-Disclosure

[iBLISS Advisory Board] Cross-Site Scripting (XSS) Vulnerability on Twitter



bruno at bsdmail

Dec 9, 2009, 2:19 PM


[iBLISS Advisory Board] Cross-Site Scripting (XSS) Vulnerability on Twitter


Vulnerability
Cross-Site Scripting on Search (Twitter)


How
When you make a search (http://www.twitter.com/timeline/search?q=) and save the request, the search is NOT sanitized, so if you reload your home, the code typed (search) is executed.


Tested on Firefox 3.5 and IE 7.0


Timeline
Discovered 29/11/2009
Vendor Disclosure 02/12/2009
Patched 09/12/2009
Disclosure 09/09/2009


Credits
iBLISS - Business Logic & Intrusion Security Specialists (http://www.ibliss.com.br/)
Rodrigo "Sp0oKeR" Montoro
Bruno Gonçalves de Oliveira
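The class of bug the advisory describes (a stored search term that is written back into the home page without sanitization) is fixed by treating the saved term as untrusted data and escaping it for the HTML context before it is rendered. The following is an added example to illustrate that fix; it is not code from the advisory, from iBLISS, or from Twitter, and the function names, the markup shape and the sample search term are all constructed for illustration.

```javascript
// Added example (not from the advisory or the vendor): the defensive fix for
// a stored XSS in a "saved search" feature. The saved term is user-controlled
// data that is rendered again on every page load, so it must be escaped as
// HTML text at the point where it is placed into the page.

// Escape the characters that carry meaning in HTML text and attribute contexts.
// '&' is replaced first so that the entities produced afterwards are not
// double-escaped.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the stored term is concatenated straight into markup,
// so any markup inside the term becomes part of the page on each reload.
function renderSavedSearchUnsafe(term) {
  return '<li class="saved-search">' + term + "</li>";
}

// Hardened pattern: the same term, escaped for the HTML text context.
// The browser now displays the term literally instead of parsing it.
function renderSavedSearchSafe(term) {
  return '<li class="saved-search">' + escapeHtml(term) + "</li>";
}

// Simple review check over rendered output: if the term contained a '<'
// and still appears verbatim in the HTML, it was inserted without escaping.
function containsRawTag(html, term) {
  return term.includes("<") && html.includes(term);
}

// Constructed sample: a saved search that carries a script tag, the situation
// the advisory describes. The string is illustrative, not from the report.
const sampleTerm = "coffee <script>doSomething()</script>";

console.log("unsafe:", renderSavedSearchUnsafe(sampleTerm));
console.log("safe:  ", renderSavedSearchSafe(sampleTerm));
```

When the rendering happens client-side rather than in a server template, the equivalent of `renderSavedSearchSafe` is to assign the term to an element's `textContent` (or build a text node) instead of writing it through `innerHTML`; the escaping is then done by the DOM and no string concatenation of untrusted data into markup occurs at all.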
