Wednesday, August 19, 2009

Twitturly and Twitterfeed XSS

Twitturly and Twitterfeed, two of the most popular Twitter services, are still vulnerable to cross-site scripting (XSS).

PoC:
http://twitturly.com/ajax/tweetit.php?a=submit&urlid=XSS




XSS bug in the login module:
http://twitterfeed.com/session/new


Aviv Raff reported the same kind of bugs on the same sites a few months ago.
See twitpwn.

Twitturly and Twitterfeed staff have been alerted about the issue.


Update

New XSS on twtpoll.com

PoC:
http://twtpoll.com/search.php?search_str=XSS
