A cross-site request forgery attack has hit Twitter users.
It looks like a ton of Twitter.com users just started sending out Tweets saying “I Like Anal Sex With Goats.”
This Tweet is followed by another one that says “WTF” and includes a link. If a user clicks on this link, it appears to cause the same series of Tweets to be sent from his or her account.
It should only affect twitter.com, as it relies on an iframe of twitter.com and a little JavaScript to post the tweet form (twice). It seems that if a user clicks this link “http://pastehtml.com/view/1b7xk3b.html” while signed into Twitter, it will autotweet two Tweets with the sex with goats bit and the WTF link.
A bit later, Twitter posted a message on its Status blog, stating “A malicious link is making the rounds that will post a tweet to your account when clicked on. Twitter has disabled the link, and is currently resolving the issue.” Twitter also noted that it has fixed the exploit and is removing the “offending Tweets.”
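The server-side checks that generally stop this class of forged form post, shown as an added example that is not from the original post and does not describe Twitter's actual fix. The function names, the `csrf_token` field and the session value are assumptions made for illustration, and the forged request is assumed to be a form POST submitted from the attacker's page.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://twitter.com"   # the one origin allowed to submit the form
SERVER_KEY = secrets.token_bytes(32)  # constructed per-process key for this demo

# Response headers that stop other sites from loading the page in an iframe.
ANTI_FRAMING_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}


def issue_token(session_id: str) -> str:
    """Token embedded as a hidden field in the tweet form, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Compare Origin (or, failing that, Referer) with the site's own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # strict choice for this demo: no source header, no write
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def accept_tweet_post(session_id: str, headers: dict, form: dict) -> tuple[bool, str]:
    """Decide whether a state-changing POST may create a tweet."""
    if not same_origin(headers):
        return False, "cross-origin or unknown source"
    supplied = form.get("csrf_token", "").encode()
    expected = issue_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    sid = "session-abc"  # constructed session identifier
    # Constructed requests: cookies ride along, but the hidden token does not.
    forged = accept_tweet_post(sid, {"Origin": "http://pastehtml.com"},
                               {"status": "WTF"})
    genuine = accept_tweet_post(sid, {"Origin": SITE_ORIGIN},
                                {"status": "hello", "csrf_token": issue_token(sid)})
    print(forged, genuine, ANTI_FRAMING_HEADERS)
```

The token check is the primary control; the origin check and the anti-framing headers are defense in depth against the iframe-based delivery described above.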