| Thursday October 23rd 2014


Use Twitter? Turn off JavaScript… there are bad XSS issues being exploited there right now



So, I started seeing odd tweets in my timeline. It seems that posting a link like this:

http://oh.no/@"onmouseover=";alert('XSS')"

fails input validation, resulting in the script being executed when you mouse over the tweet. Note that you can inject pretty much any attribute this way, including style, letting your tweet use fixed positioning over the entire site, so it’s hard to escape the mouseover.

Nice one, Twitter… now the only site to get exploited in under 140 characters.
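To see why a quote inside the link turns into a new attribute, and what output escaping changes, here is an added example that is not Twitter's code: a constructed, simplified linkifier shown in a naive form and a hardened form. All function names and the URL pattern are assumptions made for illustration.

```javascript
// Added example: a constructed, simplified linkifier (not Twitter's code).
const URL_RE = /https?:\/\/\S+/g;
const SAMPLE_TWEET = 'http://oh.no/@"onmouseover=";alert(\'XSS\')"'; // link from the post

// Vulnerable: the matched text is pasted straight into the href attribute,
// so a double quote in the "URL" closes href and starts a new attribute.
function linkifyNaive(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Hardened: every piece of user text is HTML-escaped at output time,
// including the URL when it is used as an attribute value.
function linkifySafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    const u = escapeHtml(m[0]);
    out += escapeHtml(text.slice(last, m.index)) + `<a href="${u}">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Review helper: approximates the attribute names a browser parses on the first <a> tag.
function anchorAttributeNames(html) {
  const tag = (html.match(/<a\b[^>]*>/) || [''])[0];
  const attrRe = /([^\s"'=<>\/]+)\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/g;
  return [...tag.matchAll(attrRe)].map((m) => m[1].toLowerCase());
}

console.log(anchorAttributeNames(linkifyNaive(SAMPLE_TWEET)));
console.log(anchorAttributeNames(linkifySafe(SAMPLE_TWEET)));
```

The same helper flags an injected style attribute in the naive output, which is the overlay case mentioned above.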

