15-Year-Old Finds XSS Vulnerability on Twitter

Belmin Vehabovic, a 15-year old who allegedly is an XSS expert, discovered a cross-site scripting vulnerability on one of Twitter’s developer pages.

The Hacker News reports that Vehabovic found the flaw on the developer’s page where the “Follow Button” and its functionalities are described.

The same “ethical hacker” allegedly found a similar vulnerability in Facebook and now Zuckerberg’s company is offering him $700 (490 EUR) for his find.

“I looked at some tuts before I started finding XSS vulns. When I knew what I was doing I started trying harder sites,” he said in a tweet.

His latest tweet mentions something about an XSS flaw in Google’s Orcut, but there aren’t any details to prove his findings.

I contacted Vehabovic to learn more about his work, so stay tuned to see how exactly he manages to identify the weaknesses.