Cross-site Scripting (XSS) Caused "onMouseOver" Incident On Twitter

On Twitter's newly redesigned site, an old patched security hole resurfaced; most of the exploits related to this incident fell under the prank or promotional categories. "A user noticed the security hole and took advantage of it on Twitter.com. First, someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the Tweet. This is why folks are referring to this as an "onMouseOver" flaw -- the exploit occurred when someone moused over a link.

In this case, users submitted JavaScript code as plain text into a Tweet that could be executed in the browser of another user," explains Twitter.

Although the current exploits are still mostly harmless, this hole could easily be used to redirect Twitter users to sites containing malware. Twitter says it has now fully patched the cross-site scripting hole.
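To illustrate the bug class described above, here is an added example (not Twitter's code and not part of the original post) of a tweet-to-HTML link renderer in a vulnerable form and a hardened form. It assumes the link markup is built by string concatenation; the function names, the URL pattern and the sample tweet are all constructed for illustration.

```javascript
// Added example: hypothetical tweet renderers, not Twitter's actual code.

// Constructed sample: a "URL" carrying a double quote and an event handler.
const SAMPLE_TWEET = 'look http://example.test/#@"onmouseover="alert(1)"/';

const URL_RE = /https?:\/\/\S+/g; // assumed, simplified URL matcher

// Encode every character that can end an attribute value or start a tag.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Vulnerable: the matched text is concatenated into href="..." as-is, so a
// double quote inside it closes the attribute and whatever follows is parsed
// as further attributes of the <a> element.
function linkifyUnsafe(tweet) {
  return tweet.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened: plain text and URLs are each escaped for their output context,
// so user-supplied quotes stay inside the attribute value as &quot;.
function linkifySafe(tweet) {
  let out = '';
  let last = 0;
  for (const m of tweet.matchAll(URL_RE)) {
    out += escapeHtml(tweet.slice(last, m.index));
    const url = escapeHtml(m[0]);
    out += `<a href="${url}" rel="nofollow">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(tweet.slice(last));
}

// Regression check for tests or review: does the first <a> tag in the
// rendered markup carry an on* event-handler attribute?
function hasEventHandler(html) {
  const tag = /<a\b[^>]*>/i.exec(html);
  return tag !== null && /["'\s]on\w+\s*=/i.test(tag[0]);
}

console.log('unsafe:', hasEventHandler(linkifyUnsafe(SAMPLE_TWEET)));
console.log('safe:  ', hasEventHandler(linkifySafe(SAMPLE_TWEET)));
```

Output encoding at render time is the primary fix; a check like `hasEventHandler` belongs in a regression test so a site redesign cannot silently reintroduce the hole.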

[Source]

About The Author

Deepak Gupta is an IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he provides technology consultancy and designs and develops desktop, web and mobile applications using various tools and software.