{"id":2393,"date":"2010-01-04T10:13:48","date_gmt":"2010-01-04T10:13:48","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2393"},"modified":"2015-09-09T19:37:46","modified_gmt":"2015-09-09T11:37:46","slug":"researcher-uncovers-xss-flaws-in-twitter-and-google-calendar","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2010\/01\/researcher-uncovers-xss-flaws-in-twitter-and-google-calendar\/","title":{"rendered":"Researcher Uncovers XSS Flaws In Twitter and Google Calendar"},"content":{"rendered":"
More flaws discovered in Twitter<\/a> and Google Calendar<\/a> during the holiday season.<\/p>\n Once again XSS flaws have been discovered in popular web apps, but at least they were reported and not used nefariously this time.<\/p>\n Fixes have been issued promptly by both Google and Twitter so there is not much cause for concern this time round. But you can imagine if Nir Goldshlager could uncover these flaws – how many more are there?<\/p>\n A security researcher uncovered some holes in Google Calendar and Twitter that may allow an attacker to steal cookies and user session IDs.<\/p>\n In a proof of concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs. He also uncovered an HTML injection issue affecting Google Calendar as well that he said could be used to redirect a victim to an attack site any time the user viewed his or her Google Calendar agenda events.<\/p>\n Twitter issued a fix for the issue Dec. 30, and Google stated Dec. 31 it would examine the input validation process for the Google Calendar field to help address the situation.<\/p><\/blockquote>\n