| Sunday May 29th 2016

Use Twitter? Turn off JavaScript… there’s bad XSS issues there being exploited right now

Twitter logo

So, I started seeing odd tweets in my timeline, it seems that posting a link like this:


fails input validation, resulting in the script being executed when you mouse over the tweet. Note that you can inject pretty much any attribute this way, including style, letting your tweet use fixed positioning over the entire site, so it’s hard to escape the mouseover.

Nice one twitter… now the only site to get exploited in under 140 characters.


Related Posts: On this day...

Leave a Reply

You must be logged in to post a comment.