Twitter: Twitter Card - Parent Window Redirection

ID H1:46818
Type hackerone
Reporter batuhan
Modified 2015-05-04T22:54:25


Hi, I was trying to find XSS on another website and I finally did.

After that, I tried to share this URL on Twitter to show the website owner, and noticed that I can run JavaScript in that iframe.

JavaScript that I used on the Twitter Card:


You can watch the PoC