Answer by ACP for Today's XSS onmouseover exploit on twitter.com
The exploit was a classic piece of Javascript injection. Suppose you write a tweet with the following text:"http://www.guardian.co.uk/technology is the best!"When you view the Twitter web page, that...
View ArticleAnswer by Michael Foukarakis for Today's XSS onmouseover exploit on twitter.com
The vulnerability is because URLs were not being parsed properly. For example, the following URL is posted to Twitter:http://thisisatest.com/@"onmouseover="alert('test xss')"/Twitter treats this as the...
View ArticleAnswer by Adam for Today's XSS onmouseover exploit on twitter.com
It's an XSS exploit. As Twitter admitted in their update. You can prevent attacks like that by never allowing users to post javascript code. You should always filter it out. More information about...
View ArticleAnswer by rook for Today's XSS onmouseover exploit on twitter.com
Yes this is XSS, it is attacking a javascript event handler. What is cool about this XSS is that it doesn't require <> to exploit. The injected string is:...
View ArticleAnswer by Wade Tandy for Today's XSS onmouseover exploit on twitter.com
From Wikipedia: "Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages...
View ArticleToday's XSS onmouseover exploit on twitter.com
Can you explain what exactly happened on Twitter today? Basically the exploit was causing people to post a tweet containing this link:...
View Article
