An XSS on Facebook via PNGs & Wonky Content Types - https://fin1te.net/articles/xss-on-facebook-via-png-content-types/ …
@blubbfiction @kkotowicz @mniemietz @fin1te CDN let you specify arbitrary Content-Type for A/V files, and cookies leaked to the subdomain
@blubbfiction @kkotowicz @mniemietz @fin1te but probably a PITA to exploit because you'd need XSS via A/V encoder output