[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] [iBLISS Advisory Board] Cross-Site Scripting (XSS) Vulnerability on Twitter
- To: cisspBR@xxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [iBLISS Advisory Board] Cross-Site Scripting (XSS) Vulnerability on Twitter
- From: bruno@xxxxxxxxxxx
- Date: Wed, 09 Dec 2009 17:19:19 -0500
[iBLISS Advisory Board] Cross-Site Scripting (XSS) Vulnerability on Twitter
Vulnerability
Cross-Site Scripting on Search (Twitter)
How
When you make a search (http://www.twitter.com/timeline/search?q=) and save the
request, the search is NOT sanitized, so if you reload your home, the code
typed (search) is executed.
Tested on Firefox 3.5 and IE 7.0
Timeline
Discovered 29/11/2009
Vendor Disclosure 02/12/2009
Patched 09/12/2009
Disclosure 09/09/2009
Credits
iBLISS - Business Logic & Intrusion Security Specialists
(http://www.ibliss.com.br/)
Rodrigo "Sp0oKeR" Montoro
Bruno Gonçalves de Oliveira
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/