nsane.forums Posted April 12, 2009

A cross site scripting vulnerability in Twitter allowed the stalkdaily.com worm to spread through users' biography field in their profile

Over Saturday, a worm which uses a cross site scripting flaw in Twitter profiles has been tricking users of the social networking service and directing them to stalkdaily.com. Twitter has confirmed the problem and closed the vulnerability.

The worm consisted of JavaScript code hidden in the "Bio" section of the Twitter profile. A user would be sent to view another user's profile which contained the script. The script would wait three seconds and grab the user name and Twitter cookie for the user. It then used the Twitter API, with the user's credentials, to modify that user's profile, adding the worm and sending tweets about stalkdaily.com.

Twitter users should check their profile's biography field to see if it has changed and if so, reset it. Twitter has reset the password on a number of affected accounts and those users will need to request a new password to regain access.

View: Original Article
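The weakness described in the post, a stored "Bio" value rendered as HTML, next to the output-encoded form and a check for bios that contain active markup. This is an added example, not part of the original post or Twitter's code; the profile data, function names and the example.invalid URL are constructed for illustration.

```javascript
// Constructed sample profiles (not real data). Bios two and three carry
// markup of the kind the post describes being hidden in the "Bio" field.
const profiles = [
  { user: "alice", bio: "Coffee, cycling & code" },
  { user: "bob", bio: 'hi <script src="//example.invalid/x.js"></script>' },
  { user: "carol", bio: '<a href="javascript:void(0)">me</a>' },
];

// Vulnerable pattern: the stored bio is concatenated into the page as HTML,
// so any markup in it is interpreted by the browser of whoever views it.
function renderBioUnsafe(bio) {
  return `<span class="bio">${bio}</span>`;
}

// Hardened pattern: encode the characters that are significant in HTML so
// the bio is always displayed as text, whatever it contains.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}
function renderBioSafe(bio) {
  return `<span class="bio">${escapeHtml(bio)}</span>`;
}

// Audit helper: list the users whose stored bio contains a tag, a
// javascript: URL or an inline event handler, so it can be reviewed and reset.
function auditBios(list) {
  const active = /<\s*\/?\s*[a-z!][^>]*>|javascript\s*:|\bon[a-z]+\s*=/i;
  return list.filter((p) => active.test(p.bio)).map((p) => p.user);
}

console.log(renderBioUnsafe(profiles[1].bio)); // script tag reaches the page intact
console.log(renderBioSafe(profiles[1].bio));   // same bio, shown as inert text
console.log(auditBios(profiles));              // users whose bio needs review
```

Encoding at output time is the fix; the audit only finds values already stored, which is the check the post asks users to make by hand.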
Donaldo Posted April 12, 2009

:P Yeah!!! :D :dance2: Maybe he came crawling in for his mate, Conficker.