Active XSS on Twitter
Screenshot (thanks to lc0d3r); there is only an alert.
It all started here, with trivial coloring via CSS: twitter.com/RainbowTwtr. The author is unknown.
It is enough to post a tweet of the form:
and there will be a lot of joy.
Actually, the reason is a bad link parser, without proper filtering.
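One way a link parser without filtering goes wrong, shown as an added example that is not Twitter's code and not from the original post: a toy autolinker that pastes the matched text into `href` unescaped, next to a version that HTML-escapes it. The regex, function names and sample tweet are constructed assumptions, and the injected attribute is a harmless `data-` marker.

```javascript
// Added example: a toy autolinker, not Twitter's code.
// URL_RE, the function names and SAMPLE_TWEET are constructed for illustration.
const URL_RE = /https?:\/\/[^\s<>]+/g;

// Constructed input: a "URL" carrying a double quote and a harmless marker attribute.
const SAMPLE_TWEET = 'look http://example.test/"data-injected="1 here';

// Weak: matched text goes into href="..." as-is, so a double quote in the
// match closes the attribute and the remainder is parsed as new attributes.
function linkifyNaive(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Hardened: every piece of user text is HTML-escaped before it is emitted,
// both inside the href value and in the text around and inside the link.
function linkifySafe(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    const u = escapeHtml(m[0]);
    out += escapeHtml(text.slice(last, m.index)) + `<a href="${u}">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Check: list the attribute names a browser would see on the first <a> tag.
// Anything other than "href" means user text escaped the attribute value.
function anchorAttributeNames(html) {
  const tag = /<a\s([^>]*)>/.exec(html);
  if (!tag) return [];
  return [...tag[1].matchAll(/([\w-]+)="[^"]*"/g)].map((m) => m[1]);
}

console.log(anchorAttributeNames(linkifyNaive(SAMPLE_TWEET)));
console.log(anchorAttributeNames(linkifySafe(SAMPLE_TWEET)));
```
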
UPD: NewTwitter xss does not work.
UPD2: At 15:52 (in Kiev) they closed the opportunity to send such tweets. The old ones are still working.
UPD3: 16:46 in Kiev, the vulnerability is officially closed - status.twitter.com/post/1161435117/xss-attack-identified-and-patched