Monday, September 26, 2016

XSS Vulnerability in Twitter [https://twitter.com] (Write Up)



Twitter XSS (Write Up)



Since I successfully transferred my blog from Wordpress to Blogger, To celebrate, here's a short write up of my previous report on Twitter which I got a bounty of $280 for reporting it to Twitter Security team.

Few months ago, I found a Cross Site Scripting (XSS) Vulnerability in Twitter while reading and tweeting.


Proof of Concept


XSS in Twitter

This issue was reported and fixed already by Twitter Security Team.

--Timeline--

Reported: 2016-03-05
First Reply: 2016-03-07 (Twitter)
Triaged: 2016-03-09 (Twitter)
Bounty Awarded: 2016-03-12
Fixed: 2016-05-20

I hope you enjoy this article.

Thanks,
Evan - Invalid Web Security


"The most important thing is to enjoy your life, to be happy, It's all that matters."
~Audrey Hepburn