Submission + - Twitter Tainting Exploit Discovered (twitter.com) 3
beaverdownunder writes: "In a surprising turn of events that may hasten the release of New Twitter, user @RainbowTwtr has discovered that code can be executed from inside tweets.
For example, tweeting:
http://twitter.com/beaverdownunder#@"style="background-color:white;color:white;"onmouseover="location.href='http:'+'//khaaan.com'"/
will cause any user who moves their mouse over this 'blank' tweet to go to the website specified. Obviously, this is a shocking revelation, since tainting has been an issue pretty much throughout computing history. @mjectest shows a number of exploits that could be even more nefarious..."
For example, tweeting:
http://twitter.com/beaverdownunder#@"style="background-color:white;color:white;"onmouseover="location.href='http:'+'//khaaan.com'"/
will cause any user who moves their mouse over this 'blank' tweet to go to the website specified. Obviously, this is a shocking revelation, since tainting has been an issue pretty much throughout computing history. @mjectest shows a number of exploits that could be even more nefarious..."
