[chris-allen-lane.com] Programming | Security | DIY

Tag: phishing

Cross-Site Scripting with TinyURL for Lulz and Profit

TinyURL is a service that transforms long, inconvenient URLs (like http://www.the-medium-and-the-messenger.com) into short, convenient ones (like http://tinyurl.com/yb6p4oz). Services like TinyURL are frequently used when posting links to Twitter, where character space is at a premium.

Like so many other web technologies, though, TinyURL can be abused for nefarious purposes. Specifically, it can disguise the payloads used in Cross-Site Scripting (XSS) attacks.