Twitter XSS Vulnerability



21 March 2009, 11:53

Twitter XSS vulnerability

Secure Science Corporation has published a proof-of-concept XSS vulnerability which it says could be spread virally, similar to a worm, on the popular microblogging service, Twitter. The exploit is similar to the "Don't click" clickjacking exploit found at the end of February. When users inadvertently clicked the links while logged into their accounts, the embedded script automatically re-posted itself under their Twitter account.

The exploit makes use of a web programming error on Twitter's support site to post the unwanted message. The test code provided by Secure Science posts the message "@XSSExploits I just got owned!" to the victim's profile. According to Lance James, chief scientist at Secure Science, the attack could be modified so that there is no warning screen and so that it includes a message that would make users more likely to click on it.

http://www.h-online.com/security/Twitter-X...y--/news/112905
