Critical Twitter Bug Discovered

Posted by Rocky | 10:32 PM

A blogger trying to bypass Twitter's new nofollow policy for oauth client application links stumbled upon a massive persistent cross-site scripting (XSS) vulnerability, which allowed him to insert potentially malicious JavaScript code into a tweet. The vulnerability could have been leveraged to steal session cookies, create a Twitter worm or infect visitors with malware.

Earlier this month, search engine optimization gurus revealed a black hat SEO technique that was being used to increase a website's page rank by receiving "link juice" from Twitter. Most of the links pointing out of Twitter have the rel="nofollow" parameter, which tells search engine robots not to follow them.

However, one type of Twitter link that lacked this attribute was the one pointing to the oauth client used to post a particular tweet, such as Tweetdeck, Seesmic, Tweetie or others. These links appear underneath the actual message of each status update posted from outside of Twitter and read something like: "[x] minutes ago from [Application Name] (linked)."
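The two problems described above (a client link without rel="nofollow", and a registered application name that reaches the page unescaped) both live in the same piece of markup: the "from [Application Name]" line under a tweet. The following is an added example, not Twitter's code, showing a vulnerable renderer for that line next to a hardened one. The client object shape, the function names and the sample registrations are assumptions made for the example.

```javascript
// Added example (not Twitter's code): rendering the "from [Application Name]"
// line of a tweet. The name and URL come from the OAuth client registration,
// which is data the registering party controls, so it must be treated as
// untrusted input when it is put into HTML.

// Minimal HTML escaping for text nodes and double-quoted attribute values
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Only http(s) URLs are allowed as the client link; anything else
// (javascript:, data:, unparsable strings) is replaced with a harmless "#"
function safeHref(url) {
  try {
    const u = new URL(url);
    if (u.protocol === 'http:' || u.protocol === 'https:') return u.href;
  } catch (_) {
    // fall through: not a parsable URL
  }
  return '#';
}

// Vulnerable: the registered name and URL are interpolated verbatim, so a
// name containing markup becomes part of the page, and the link carries
// no rel="nofollow"
function renderSourceVulnerable(client) {
  return `<span class="source">from <a href="${client.url}">${client.name}</a></span>`;
}

// Hardened: escape both values, restrict the URL scheme, and mark the
// link with rel="nofollow" so it passes no link juice
function renderSourceHardened(client) {
  const href = escapeHtml(safeHref(client.url));
  const name = escapeHtml(client.name);
  return `<span class="source">from <a href="${href}" rel="nofollow">${name}</a></span>`;
}

// Constructed sample registrations (hypothetical clients, not real ones)
const benignClient = { name: 'TweetDeck', url: 'https://tweetdeck.example/' };
const hostileClient = { name: 'Tweeter<script>alert(1)</script>', url: 'javascript:alert(1)' };

// Simple check a reviewer can run over rendered output: does any raw
// <script> tag or javascript: href survive rendering?
function containsActiveContent(html) {
  return /<script\b/i.test(html) || /href="javascript:/i.test(html);
}

console.log(renderSourceVulnerable(hostileClient)); // script tag survives
console.log(renderSourceHardened(hostileClient));   // script tag escaped, href neutralised
console.log(renderSourceHardened(benignClient));    // normal link with rel="nofollow"
```

The hardened renderer does two independent things: output encoding (escapeHtml) stops the registered name from being parsed as markup, and the scheme allow-list in safeHref stops the href itself from becoming a script vector; rel="nofollow" is unrelated to XSS but closes the SEO loophole the post describes.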

Read the original here:
Critical Twitter Bug Discovered
