yes we all can…#this is vulnerable if the mal site use this script too.
hi dev, don’t miss it.
Where should we return to after successfully authenticating?
You can override this at any time by sending an oauth_callback while obtaining a request_token.
then follow this step.
first, you must clear your internet browsing cache by hit Ctrl+shift+Del on your keyboard(if you use chrome/firefox), then follow my instruction.. don’t worry.. i won’t hypnotize you, 
because i’m not a magician.. ok, here’s a few step that must you do, to get mashable effect. as dotweekly post about Mashable.com Hijacking Twitter.com Traffic?
1.click this link my simple tuit tuit
then hover my name..
2.then login to http://twitter.com (make sure that you’ve type it correctly )
and see where’s page that twitter send you to?
callback ok….but do you think it will be fallback if it used by bad guys.
hi bird, what will you do after this?