Sunday, September 20, 2009

TweetMeme still vulnerable to Cross-site scripting (XSS) attack

The old bug was fixed, but now I have found another one.

Let's see some proof of concept.

XSS
http://tweetmeme.com/auth/signup?r=1 XSS



Iframe


Redirect PoC: http://tinyurl.com/l77pkf

See also XSS flaws and Redirect on Tweetmeme and Twittercounter
