Thursday, July 2, 2009

XSS flaws and Redirect on Tweetmeme and Twittercounter

Since we're in the Month of Twitter Bugs why not :)

Proof of Concept:

http://twittercounter.com/pages/country?time_zone=XSS

http://tweetmeme.com/search.php?for=XSS




Bugs like this could be exploited by an attacker to spread malicious scripts on Twitter, so be careful!
All bugs have been reported.
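
For defenders, an added example (not code from this post or from either site): a hypothetical search handler that reflects a `for` query parameter into the page unchanged, next to a version that HTML-encodes it at output, plus a check that tells the two apart with a harmless probe. The host `search.example`, the page template and all function names are assumptions; the same encoding applies to any reflected parameter, such as `time_zone`.

```javascript
// Added example: hypothetical handlers, not the real code of either site.

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the reflected parameter from the request URL (empty string if absent).
function searchTerm(requestUrl) {
  return new URL(requestUrl).searchParams.get('for') ?? '';
}

// Vulnerable form: the parameter is concatenated into markup unchanged,
// both in element content and inside a quoted attribute.
function renderSearchUnsafe(requestUrl) {
  const q = searchTerm(requestUrl);
  return `<h1>Results for ${q}</h1><input name="for" value="${q}">`;
}

// Hardened form: same template, every reflected value encoded at output time.
function renderSearchSafe(requestUrl) {
  const q = escapeHtml(searchTerm(requestUrl));
  return `<h1>Results for ${q}</h1><input name="for" value="${q}">`;
}

// Regression check: send a harmless, constructed probe containing markup
// characters and report whether it comes back with them intact.
function reflectsRawMarkup(render) {
  const probe = '"><b>probe-7f3a</b>'; // constructed marker, no script content
  const url = new URL('http://search.example/search.php'); // hypothetical host
  url.searchParams.set('for', probe);
  return render(url.toString()).includes(probe);
}

console.log('unsafe handler reflects raw markup:', reflectsRawMarkup(renderSearchUnsafe));
console.log('safe handler reflects raw markup:  ', reflectsRawMarkup(renderSearchSafe));
```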

2 comments:

Dmitry Evteev said...

quite nice:)

Sarah said...

Hi There,

This bug was also fixed and the fix was made live 2 hours after we were alerted to it! Thanks for letting us know about it!

The TweetMeme Team!