[Full-disclosure] Twitter [Mobile] Account Settings Cross Site Scripting and Multiple Html Injection

2012-01-18 Thread karma cyberintel
*Description of script:*

Twitter provides features to protect user privacy: using the account
settings you can protect your Tweets, change your username, change your
password, and change your e-mail address.

*Affected script URL:*

URL #1: https://mobile.twitter.com/settings/screen_name
URL #2: https://mobile.twitter.com/settings/name

*Vulnerability Description:*

1) Cross Site Scripting Vulnerability (Twitter mobile is infected User
Side XSS as well as it was protected to click jacking):

A Cross-Site Scripting attack is a type of injection in which malicious
JavaScript is injected into the web site's dynamic pages.

2) HTML Injection Vulnerability (Twitter mobile is infected User Side, one
HTML injection was stored)

HTML Injection is a type of injection in which malicious HTML code is
injected into the web site's pages.

*Exploit Description + Proof of Concept:*

URL #1: https://mobile.twitter.com/settings/name

Title #1: Stored HTML Injection Vulnerability

In the above URL there is one input box to change the name. The HTML code
of the input box is the following.

For more details:

http://www.karmacyberintel.net/2012/01/twitter-mobile-account-settings-cross-site-scripting-and-multiple-html-injection-vulnerability/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'

2012-01-25 Thread karma cyberintel
*UPDATE* After attacking several government sites to protest controversial
US legislation in past weeks, hacktivist group Anonymous is setting its
sights on one of the Internet's biggest targets: Facebook. Or maybe not.

Sources from karmacyberintel.net

For more details:

http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/

[Full-disclosure] Anonymous deletes CBS.com, solicits opinions on who to hack next

2012-01-25 Thread karma cyberintel
Anonymous deletes CBS.com, solicits opinions on who to hack next.
Sources from karmacyberintel.net

For more details:

http://www.karmacyberintel.net/2012/01/anonymous-deletes-cbs-com-solicits-opinions-on-who-to-hack-next/

[Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins

2012-01-25 Thread karma cyberintel
(CBS) - The week began on a high note for Internet activists. The biggest
organized effort to blackout websites in solidarity over the Stop Online
Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success

Sources from


For more details:
http://www.karmacyberintel.net/2012/01/megaupload-anonymous-hacker-retaliation-nobody-wins/