X (Formerly Twitter): character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error

Summary: If you are creating a new moment on https://twitter.com/username/moments you get redirected to https://twitter.com/i/moments/edit/moments-id. There you can set a title, a description and also you can add, if you want, a Tweet to your Moment. The title and also the description are...

Limitation of 256 characters only for TUNNEL_EXCLUDE_DOMAINS client property

When we try to add TUNNELEXCLUDEDOMAINS client property, it limits only for 256 characters. Due to which we cannot add extra domains apart from default ones. Default list:...

New Relic: Stored XSS in Brower `name` field reflected in two pages

The Name field of the Brower apps feature is not properly escaped in at least two pages. An attacker can create a new browser application with a specially crafted Name field which will be reflected and interpreted by other users visiting these two pages. Leveraging this vulnerability, I was able ...