Twitter.com POST SQL Injection Vulnerability


SUBMITTED BY: Guest

DATE: Nov. 9, 2013, 3:32 p.m.

FORMAT: Text only

SIZE: 1.2 kB

HITS: 780

____ _ ___
| _ \ ___ ___| | __ ____/ _ \ _ __
| |_) / _ \/ __| |/ /|_ / | | | '__|
| _ < __/ (__| < / /| |_| | |
|_| \_\___|\___|_|\_\/___|\___/|_|
twitter.com/Reckz0r
------------
Hello there, fine peasants. Yet again I'm here, and this time it's even bigger, but I have no malicious intentions since I don't wanna get my ass suspended.
I located a POST SQL vulnerability on support.twitter.com in their api_general form box. The box uses a 'referrer' parameter which is vulnerable, and by that we can inject Twitter, and possibly extract confidential data from Twitter.
It seems that most 'large' websites are vulnerable to this kind of attack, including m.facebook.com, which was exploited through this vulnerability by some Argentinian hacker.
http://i.imgur.com/3btpI6W.png - screenshot
The vulnerability lies in http://support.twitter.com/forms/submitted?regarding=api_general - You see, there might be dozens of vulnerabilities lying in support.twitter.com. We can inject hidden boxes in this kind of atmosphere.
cheers,
twitter.com/Reckz0r
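The bug class the post claims (a POSTed 'referrer' field spliced into an SQL statement) and the standard fix, as an added example that is not Twitter's code or the poster's; the table, column names and the stand-in SQLite backend are assumptions, and the sample inputs are constructed:

```python
import sqlite3

# Constructed stand-in for a support-form backend (assumed schema, not Twitter's).
SCHEMA = "CREATE TABLE tickets (id INTEGER PRIMARY KEY, regarding TEXT, referrer TEXT)"


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def store_referrer_vulnerable(conn, regarding, referrer):
    """Splices the submitted 'referrer' value into the SQL text, so it is parsed as SQL."""
    sql = "INSERT INTO tickets (regarding, referrer) VALUES ('%s', '%s')" % (regarding, referrer)
    conn.execute(sql)
    return conn.execute("SELECT referrer FROM tickets ORDER BY id DESC LIMIT 1").fetchone()[0]


def store_referrer_safe(conn, regarding, referrer):
    """Parameterized statement: the driver passes 'referrer' as data, never as SQL."""
    conn.execute("INSERT INTO tickets (regarding, referrer) VALUES (?, ?)", (regarding, referrer))
    return conn.execute("SELECT referrer FROM tickets ORDER BY id DESC LIMIT 1").fetchone()[0]


def round_trips(store, referrer):
    """True only if what the form submitted is exactly what the database stored."""
    conn = new_db()
    try:
        return store(conn, "api_general", referrer) == referrer
    except sqlite3.Error:
        # A database error surfacing from a free-text field is itself an injection signal.
        return False
    finally:
        conn.close()


# Constructed inputs: an ordinary apostrophe in a URL, and a value that only changes
# meaning if the database parses it as SQL (string concatenation with a built-in).
SAMPLES = ["https://example.test/docs?ref=O'Reilly", "x' || sqlite_version() || '"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "vulnerable:", round_trips(store_referrer_vulnerable, s),
              "safe:", round_trips(store_referrer_safe, s))
```

The round-trip check (stored value equals submitted value, no driver error) is a cheap regression test to keep on any form handler that writes user input to a database.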
