[iBLISS Advisory Board] Cross-Site Scripting (XSS) Vulnerability on Twitter
Vulnerability Cross-Site Scripting on Search (Twitter) How When you make a search (http://www.twitter.com/timeline/search?q=) and save the request, the search is NOT sanitized, so if you reload your home, the code typed (search) is executed. Tested on Firefox 3.5 and IE 7.0 Timeline Discovered 29/11/2009 Vendor Disclosure 02/12/2009 Patched 09/12/2009 Disclosure 09/09/2009 Credits iBLISS - Business Logic & Intrusion Security Specialists (http://www.ibliss.com.br/) Rodrigo "Sp0oKeR" Montoro Bruno Gonçalves de Oliveira
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
