Aussie teen claims credit for Twitter attacks
![darren-pauli.jpg](https://www.zdnet.com/a/img/resize/bdfc11f2449f74e3c2d9f79fbe08505914adabbb/2014/07/22/6d4b849d-1175-11e4-9732-00505685119a/darren-pauli.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
A Melbourne teenager has flagged a Twitter vulnerability that led to overnight attacks on what security advisers say could be half a million users.
![467350-438-405.jpg](https://www.zdnet.com/a/img/2014/10/02/f7a84be6-4a11-11e4-b6a0-d4ae52e95e57/467350-438-405.jpg)
High School student Pearce Delphin discovered the cross-site scripting (XSS) flaw following user RainbowTwtr's demonstration of a similar vulnerability, which was used to modify the Twitter background. RainbowTwtr exploited the XSS vulnerability to change the profile background picture to a rainbow colour, and tweeted the script in an update. The code was quickly re-tweeted by hundreds of users.
Delphin inserted a mouse-over field containing JavaScript, and the phrase "uh oh" into a script similar to that used by RainbowTwtr. The phrase then appeared as a pop-up message when the mouse pointer hovered over the code. In a email, Delphin said he also created a script that would display a user'sTwitter cookie that includes private information.
For more of this story, read Melbourne teen behind Twitter attacks on ZDNet Australia.