| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 09 Dec 2009 17:19:19 -0500
From: bruno@...mail.com
To: cisspBR@...oogroups.com, full-disclosure@...ts.grok.org.uk
Subject: [iBLISS Advisory Board] Cross-Site Scripting
(XSS) Vulnerability on Twitter
[iBLISS Advisory Board] Cross-Site Scripting (XSS) Vulnerability on Twitter
Vulnerability
Cross-Site Scripting on Search (Twitter)
How
When you make a search (http://www.twitter.com/timeline/search?q=) and save the request, the search is NOT sanitized, so if you reload your home, the code typed (search) is executed.
Tested on Firefox 3.5 and IE 7.0
Timeline
Discovered 29/11/2009
Vendor Disclosure 02/12/2009
Patched 09/12/2009
Disclosure 09/09/2009
Credits
iBLISS - Business Logic & Intrusion Security Specialists (http://www.ibliss.com.br/)
Rodrigo "Sp0oKeR" Montoro
Bruno Gonçalves de Oliveira
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists