The WIse SECurity
[ Back ]
Thursday, September 23, 2010, 11:34
A Twitter DomXss, a wrong fix and something more
It seems that twitter new site introduced some issue resulting in a worm exploiting a stored Xss.
Do you spot the issue?
It search for "#!" in the Url and assign the content after that to the window.location object. And it is present in (almost?) every page on twitter.com main site.
...Continue the reading on Minded Security blog Here
No comments yet.
Comments are disabled
Wisec is brought to you by...
Wisec is written and mantained by Stefano Di Paola.
Wisec uses open standards, including XHTML, CSS2, and XML-RPC.
All Rights Reserved 2004
All hosted messages and metadata are owned by their respective authors.