How Many Characters Does It Take To Exploit Twitter?

posted Sunday Sep 26, 2010 by Jon Wurm

Thanks to Magnus Holm, who was the first Twitter user to exploit a simple JavaScript error, you might have received a barrage of strange tweets. Yes, even stranger than the normal ones. The tweets may have been as inert as a black background or a hyperlink to a nasty porn site. User profiles and hyperlinks were also directly affected by crazy mouse-over effects due to JavaScript injected into the page. Twitter recognizes this as an XSS (cross-site scripting) bug that could be exploited because Twitter did not convert its tweets into hyperlinks correctly.


Basically, when the "@" symbol was used in a tweet, part of that tweet was converted into JavaScript on the page. This gave the JS full access to all the features on the page, such as the ability to tweet and re-tweet, hence all the crazy tweets that resulted. Twitter has countered by creating a "new" Twitter site that has supposedly addressed the issue and began rolling out last week.
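A simplified model of this class of bug, as an added example that is not Twitter's code and not part of the original post: a link converter that pastes tweet text into an `href` unescaped, next to one that escapes it, with a check that lists the attributes the resulting `<a>` tag actually carries. The URL pattern, function names and sample tweet are assumptions constructed for illustration.

```javascript
// Simplified model of a tweet-to-hyperlink converter. Hypothetical code:
// the pattern and function names are assumptions, not Twitter's implementation.
const URL_PATTERN = /https?:\/\/\S+/g; // permissive: stops only at whitespace

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Vulnerable: the matched text is pasted into href unescaped, so a double
// quote inside the "URL" closes the attribute and the rest is parsed as markup.
function linkifyUnsafe(tweet) {
  return tweet.replace(URL_PATTERN, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened: escape every piece of tweet text for the context it lands in,
// both the plain text between links and the link's attribute value and label.
function linkifySafe(tweet) {
  let out = '';
  let last = 0;
  for (const m of tweet.matchAll(URL_PATTERN)) {
    const url = escapeHtml(m[0]);
    out += escapeHtml(tweet.slice(last, m.index));
    out += `<a href="${url}">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(tweet.slice(last));
}

// Regression check: list the attribute names the first <a> tag ends up with.
// Anything other than "href" means tweet text escaped its attribute.
function anchorAttributeNames(html) {
  const tag = /<a\s([^>]*)>/.exec(html);
  if (!tag) return [];
  return [...tag[1].matchAll(/([a-zA-Z-]+)="[^"]*"/g)].map((m) => m[1]);
}

// Constructed sample input with a harmless placeholder handler name.
const SAMPLE = 'look http://example.test/@"onmouseover="demo()"/ <b>hi</b>';

console.log(anchorAttributeNames(linkifyUnsafe(SAMPLE)));
console.log(anchorAttributeNames(linkifySafe(SAMPLE)));
```

A check like `anchorAttributeNames` fits naturally into a unit test for any renderer that turns user text into markup.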

I can't say I'm surprised at all. Twitter has been poorly implemented from the beginning and this isn't even the first time an XSS bug has been exploited. These exploits are so simple that it just seems unreal for such a widely used service to fall victim to this twice. All they do is convert tweets into hyperlinks, that is their service, and yet they haven't even got that right. Maybe the Web isn't the place for Twitter to be.


