@avlidienbrunn hi buddy. Just saw your report.https://hackerone.com/reports/44146 . awesome find. did you use 307 redirection to bypass cross domain.xml?
@warlock24101991 yep, the 307 redirect was a trick to send custom headers across domains regardless of crossdomain.xml
-
-
@avlidienbrunn so that attack was successful before checking the crossdomain.xml. ri8?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.