3 matches found
X (Formerly Twitter): http request smuggling in pscp.tv and periscope.tv
Description: The description of HTTP request smuggling attacks: here it seems that many subdomains in pscp.tv and periscope.tv are vulnerable. 1- Detect HTTP request smuggling attack: 504 response with delay 30 s, 60 s "DoS". POC & Steps To Reproduce: in this video F606648. Resource:...
X (Formerly Twitter): cookie injection allow dos attack to periscope.tv
Description: I find in periscope.tv a parameter "createuser" that allows injecting the "loginissignup" cookie; when tested with a CRLF payload, I get the response "HTTP/1.1 504 GATEWAYTIMEOUT". Link Vulnerable: https://www.periscope.tv/i/twitter/login?createuser=payload&csrf=yourcsrftoken Steps To Reproduce: 1. go t...
X (Formerly Twitter): Clickjacking Periscope.tv on Chrome
Hi, The X-FRAME-OPTIONS header returned from https://www.periscope.tv is: X-Frame-Options: ALLOW-FROM https://twitter.com/ But Chrome doesn't support this value for the header: https://www.owasp.org/index.php/ClickjackingDefenseCheatSheet. Because of that, no value for X-FRAME-OPTIONS is set and...