XSS, better known as cross-site scripting, is a vulnerability found in web apps, and it has now been found in Twitter. own3d_5ys discovered this flaw, and Perfect blog was the first to report it.
The flaw is in the application name field of the form used to register a new application on Twitter. If you don't know what Twitter apps are, let me briefly explain: when you update your Twitter status via a third-party Twitter app like TweetDeck, that status update carries the name of the app with it, for example: 5 seconds ago from TweetDeck.
The XSS flaw was discovered last August. The application form described above is the only form responsible for sending you to the third-party website. This XSS flaw is one of the major flaws discovered: simply looking at a tweet from a third-party app can run arbitrary code in your browser, and that code can do anything your browser can.
There are many examples: this code can redirect you to a pornographic website, delete all your tweets, send malicious direct messages to your friends, and possibly wipe out everyone you follow and all your followers. Take it seriously!
Twitter did fix this flaw, but the fix was only temporary and the flaw is still there; it was reportedly still present this afternoon. Twitter is planning to fix this flaw for all third-party apps.
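
The sketch below is an added example, not code from this post or from Twitter. It shows why an application name must be output-encoded when it is rendered into the "from TweetDeck" line. The function names, the markup, the URL handling and the sample app records are all assumptions constructed for illustration.

```javascript
// Added example: rendering the "5 seconds ago from <app>" line of a status update.
// All identifiers here are hypothetical; this is not Twitter's code.

// Encode the five characters that can break out of HTML text or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Assumption: the app name links to the app's website. Allow only http(s) targets.
function safeUrl(value) {
  try {
    const u = new URL(String(value));
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : '#';
  } catch (e) {
    return '#'; // unparsable input never reaches the href attribute
  }
}

// Vulnerable pattern: registration-form fields are concatenated into markup as-is,
// so whatever was typed into the application name field becomes part of the page.
function renderSourceUnsafe(app, age) {
  return `<span class="meta">${age} ago from <a href="${app.url}">${app.name}</a></span>`;
}

// Hardened pattern: every stored field is encoded for the context it lands in.
function renderSourceSafe(app, age) {
  return `<span class="meta">${escapeHtml(age)} ago from ` +
    `<a href="${escapeHtml(safeUrl(app.url))}" rel="nofollow">` +
    `${escapeHtml(app.name)}</a></span>`;
}

// Constructed sample records (not real registrations).
const benignApp = { name: 'TweetDeck', url: 'https://example.com/' };
const hostileApp = { name: 'TweetDeck<script>alert(1)</script>', url: 'javascript:alert(1)' };

console.log(renderSourceUnsafe(hostileApp, '5 seconds')); // markup passes through intact
console.log(renderSourceSafe(hostileApp, '5 seconds'));   // rendered as inert text
console.log(renderSourceSafe(benignApp, '5 seconds'));
```

Because the application name is stored once and displayed to every reader of every tweet sent through that app, the encoding has to happen at render time on every page that shows it, not only in the registration form.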