Full Disclosure mailing list archives
[iBLISS Advisory Board] Cross-Site Scripting (XSS) Vulnerability on Twitter
From: bruno () bsdmail com
Date: Wed, 09 Dec 2009 17:19:19 -0500
[iBLISS Advisory Board] Cross-Site Scripting (XSS) Vulnerability on Twitter

Vulnerability
Cross-Site Scripting on Search (Twitter)

How
When you make a search (http://www.twitter.com/timeline/search?q=) and save the request, the search is NOT sanitized, so if you reload your home, the code typed (search) is executed.

Tested on Firefox 3.5 and IE 7.0

Timeline
Discovered 29/11/2009
Vendor Disclosure 02/12/2009
Patched 09/12/2009
Disclosure 09/09/2009

Credits
iBLISS - Business Logic & Intrusion Security Specialists (http://www.ibliss.com.br/)
Rodrigo "Sp0oKeR" Montoro
Bruno Gonçalves de Oliveira
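The class of bug reported above, a saved search term stored and later written into the home page without encoding, is shown here as an added example that is not part of the original post and is not Twitter's code. The function names, the list markup and the sample terms are assumptions made for illustration; the point is the difference between concatenating the stored term and encoding it for each output context.

```javascript
// Added example: saved-search link rendering, unsafe vs. encoded.
// Function names and the markup are hypothetical, not Twitter's code.

// Encode the five characters that matter in HTML text and quoted attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Before: the stored term is concatenated into the page as-is,
// so markup in the term becomes markup in the home page.
function renderSavedSearchUnsafe(term) {
  return '<li><a href="/timeline/search?q=' + term + '">' + term + "</a></li>";
}

// After: URL-encode the term for the query string, then HTML-encode
// the attribute value and the link text separately.
function renderSavedSearchSafe(term) {
  const href = "/timeline/search?q=" + encodeURIComponent(term);
  return '<li><a href="' + escapeHtml(href) + '">' + escapeHtml(term) + "</a></li>";
}

// Constructed sample inputs (not taken from the advisory).
const samples = ["infosec news", '"><script>alert(1)</script>', "R&D 'quotes'"];
for (const t of samples) {
  console.log("unsafe:", renderSavedSearchUnsafe(t));
  console.log("safe:  ", renderSavedSearchSafe(t));
}
```

Encoding at output time covers terms that were stored before any input filter existed, which matters for data saved while the flaw was live.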