New Twitter exploit about goats – how it works.
Sunday, September 26th, 2010 at 7:38 pm
OK, in the last few minutes you will have gotten a few tweets from people explaining that they like to have intercourse through the backdoor with goats. This is a Twitter exploit – probably initiated by someone doing a security talk (I know some people who would be devious enough).
The exploit is actually easy – the main ingredients are:
- Twitter allowing updates through the API via IFRAMES and GET, thus being vulnerable to CSRF attacks
- PasteHTML.com being vulnerable in that it renders and executes code without a secure site around it
- Clients or Twitter automatically applying the t.co link shortener
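The first ingredient is the one the site itself controls. As an added example (not code from this post or from Twitter), here is a server-side check that refuses status updates sent over GET, from a foreign origin, or without the session's CSRF token. The origin `https://app.example`, the `csrf_token` field name, the function names and the sample requests are all assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit

TRUSTED_ORIGINS = {"https://app.example"}   # assumption: the site's own origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # must never change state

def origin_of(url):
    """Reduce a Referer URL to scheme://host[:port]; None if unusable."""
    parts = urlsplit(url or "")
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return None

def check_status_update(method, headers, session_token, form):
    """Decide whether a request that posts a status update may proceed."""
    if method.upper() in SAFE_METHODS:
        # Loading an <iframe src=...> is a plain GET, so this closes that vector.
        return False, "state change over safe method"
    source = headers.get("Origin") or origin_of(headers.get("Referer"))
    if source not in TRUSTED_ORIGINS:
        return False, "cross-site origin"
    sent = form.get("csrf_token", "")
    if not session_token or not hmac.compare_digest(
            sent.encode(), session_token.encode()):
        return False, "bad csrf token"
    return True, "ok"

# Constructed sample requests; the session cookie is attached in all three.
TOKEN = "constructed-session-token"
SAMPLES = [
    ("GET", {"Referer": "https://paste.example/view/page.html"}, {"status": "x"}),
    ("POST", {"Origin": "https://paste.example"}, {"status": "x"}),
    ("POST", {"Origin": "https://app.example"},
     {"status": "x", "csrf_token": TOKEN}),
]

def run_samples():
    """Evaluate every constructed request against the check."""
    return [check_status_update(m, h, TOKEN, f) for m, h, f in SAMPLES]

if __name__ == "__main__":
    for result in run_samples():
        print(result)
```

Only the third request passes: the browser attaches the victim's cookie to all three, so the cookie alone proves nothing about who initiated the request.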
The code to execute the “worm” is hosted at
http://pastehtml.com/view/1b7xk3b.html so Twitter should contact them – (I just did):