Is it a bug that you could do something like this https://secure.twitch.tv/login?login=&redirect_on_login=[HEX WITH %]
you could grab someone's ip or redirect to a virus
Facebook:
https://secure.twitch.tv/login?login=&redirect_on_login=%68%74%74%70%3a%2f%2f%66%61%63%65%62%6f%6f%6b%2e%63%6f%6d
I can see some noob hacker would use this to A. infect someone with a virus B. grab streamers ip and ddos the person C. Link to some porn site, scam site, video with some one cut in half etc. or something else.
↧
