Full Disclosure mailing list archives

[iBLISS Advisory Board] Cross-Site Scripting (XSS) Vulnerability on Twitter
From: bruno () bsdmail com
Date: Wed, 09 Dec 2009 17:19:19 -0500

Vulnerability
Cross-Site Scripting on Search (Twitter)


How
When you make a search (http://www.twitter.com/timeline/search?q=) and save it, the search term is NOT sanitized,
so when you reload your home page, the code typed into the search box is executed.
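The pattern described above, as an added JavaScript example that is not code from the advisory or from Twitter: a saved search query concatenated straight into the home page markup, beside the same rendering with contextual escaping. The function names and the sample saved-search list are assumptions made for illustration.

```javascript
// Constructed sample: a user's stored searches, one of which contains markup.
// In the flawed page this string is stored as typed and rendered on each
// reload of the home page.
const savedSearches = [
  { id: 1, query: "nmap" },
  { id: 2, query: "<i>full disclosure</i>" }, // constructed query containing HTML
];

// Escape the characters that change meaning in HTML text and attribute contexts.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable shape (the flaw the advisory describes): the stored query is
// inserted into markup unchanged, so the browser parses whatever was typed
// into the search box as HTML when the home page is rendered.
function renderSavedSearchesUnsafe(list) {
  return list
    .map((s) => `<li><a href="/timeline/search?q=${s.query}">${s.query}</a></li>`)
    .join("");
}

// Hardened shape: URL-encode the query for the href and HTML-escape it for
// both the attribute and the link text, so it is displayed as data only.
function renderSavedSearches(list) {
  return list
    .map((s) => {
      const q = escapeHtml(encodeURIComponent(s.query)); // attribute context
      const label = escapeHtml(s.query); // text context
      return `<li><a href="/timeline/search?q=${q}">${label}</a></li>`;
    })
    .join("");
}

// Defensive check for a test suite or code review: returns true if any stored
// query that contains a tag survives rendering unescaped.
function containsRawTagFromInput(html, list) {
  return list.some((s) => /<[a-z]/i.test(s.query) && html.includes(s.query));
}
```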


Tested on Firefox 3.5 and IE 7.0


Timeline
Discovered          29/11/2009
Vendor Disclosure   02/12/2009
Patched             09/12/2009
Disclosure          09/09/2009


Credits
iBLISS - Business Logic & Intrusion Security Specialists (http://www.ibliss.com.br/)
Rodrigo "Sp0oKeR" Montoro
Bruno Gonçalves de Oliveira
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/