😝 Here is the full disclosure of the Twitter XSS + CSRF vulnerability. Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.)
On 12/11, @rabbit_2333 posted details about an XSS on the Twitter subdomain . x.com/rabbit_2333/st…
@shoucccc Only clicking that link would have your account taken over? I went to the analytics site earlier in the day, but not the one you have listed.
@shoucccc Just take a screenshot and pause the video, edit the text in the ss, and copy the payload. Easy.