FIXED: XSS into Tweets! Tweetroll!

By Dan Bennett, September 21, 2010

NOTE:

I DID NOT CREATE THIS NOR EXPLOIT IT (well, apart from sending you all to this page).
Sophos and other news stories wrongly accused me of being one of those who started the outbreak. This is false.

See http://www.sophos.com/blogs/gc/g/2010/09/21/twitter-onmouseover-security-flaw-widely-exploited/ for more info!

I saw this on Twitter and thought "uh oh"... but it is kind of funny.

Basically, you can insert XSS into a tweet and force something to happen. In this case, for the examples I've done, a mouse-over sends you to Rick Astley's song. Let's call it Tweet Rolling?
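As an added example (not code from the original post or from Twitter), here is a tiny tweet renderer in its naive and hardened forms. It assumes tweets are auto-linked by placing each URL inside an href attribute, which the post does not state, and the sample tweet is constructed; the hardened version escapes every user-controlled string for the context it lands in, so an injected onmouseover= stays inert text.

```javascript
// Added example, not code from the original post or from Twitter.
// Assumption: the renderer auto-links http(s) URLs into an href attribute.

function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Capturing group so the URL runs come back as the odd-indexed parts.
const URL_SPLIT = /(https?:\/\/\S+)/i;

// Vulnerable "before": the URL text is dropped straight into the markup.
function renderTweetNaive(text) {
  return text
    .split(URL_SPLIT)
    .map((part, i) => (i % 2 === 1 ? `<a href="${part}">${part}</a>` : part))
    .join("");
}

// Hardened "after": escape for both the attribute value and the element body.
function renderTweetSafe(text) {
  return text
    .split(URL_SPLIT)
    .map((part, i) => {
      const safe = escapeHtml(part);
      return i % 2 === 1 ? `<a href="${safe}">${safe}</a>` : safe;
    })
    .join("");
}

// Crude structural check: an on*= attribute in attribute position
// (preceded by whitespace or a quote) would be a live handler.
function hasLiveEventHandler(html) {
  return /[\s"']on[a-z]+\s*=/i.test(html);
}

// Number of raw double quotes in the markup; the safe renderer emits
// exactly the two that delimit the href attribute.
function rawQuoteCount(html) {
  return (html.match(/"/g) || []).length;
}

// Constructed sample tweet (not a real one): the quote after @ is what
// would terminate the href attribute in the naive renderer.
const SAMPLE_TWEET =
  'uh oh http://example.com/@"onmouseover="location=\'http://example.net\'" lol';
```

Running `renderTweetNaive(SAMPLE_TWEET)` yields markup with a live onmouseover attribute, while `renderTweetSafe(SAMPLE_TWEET)` yields a link whose text merely contains the words.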

See the damage here: http://twitter.com/Ravenatic/status/25106874872

So, basically: if you see any text like this, don't mouse over it!

There are also other codes that can basically break a user's Twitter page. ERK!

Let's hope Twitter fixes it very soon!

What do you think?
