Saturday, July 11, 2009

MoTB #11: Twitturly Persistent XSS

What is Twitturly
"Twitturly tracks the URLs flying around the Twitterverse and provides a quick, real-time view of what people are talking about on Twitter." (Twitturly about page)


Twitter effect
Twitturly can be used to send tweets to other Twitter users.
Twitturly uses username/password authentication to access the Twitter API.


Popularity rate
19th place in the Top 100 Twitter services of The Museum of Modern Betas Labs - 4 twits



Vulnerability: Persistent Cross-Site Scripting in the Twitturly URLs view page.
Status: Patched.
Details: Twitturly did not HTML-encode the un-shortened (expanded) URLs it displays, so a URL containing markup could inject a script into the page.
This vulnerability could have allowed an attacker to send tweets on behalf of their victims.
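Added example (not Twitturly's code, written for this post): a minimal link-expander rendering routine that shows the defect class described above beside its fix. The URLs are constructed fixtures, the function names are assumptions, and the check parses the rendered fragment to list which tags the browser would actually see.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample input: expanded URLs as a link tracker might receive them
# after following redirects. None of these are real Twitturly data.
SAMPLE_URLS = [
    "http://example.com/article?id=42",
    "http://example.com/<script>alert(1)</script>",
    "javascript:alert(document.cookie)",
]

# Only schemes that are safe to turn into a clickable link
SAFE_SCHEMES = {"http", "https"}


def render_link_vulnerable(url):
    """Interpolates the expanded URL into HTML with no encoding at all.

    This is the defect class in the post: any markup inside the URL
    becomes part of the page."""
    return '<a href="%s">%s</a>' % (url, url)


def render_link_safe(url):
    """Encodes for both the attribute and text contexts and refuses
    non-http(s) schemes, so a javascript: URL is shown but never linked."""
    scheme = urlsplit(url).scheme.lower()
    escaped = html.escape(url, quote=True)  # escapes & < > " '
    if scheme not in SAFE_SCHEMES:
        return "<span>%s</span>" % escaped
    return '<a href="%s">%s</a>' % (escaped, escaped)


class _TagCollector(HTMLParser):
    """Records every start tag the HTML parser sees in a fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tag_names(fragment):
    """Return the list of element names a browser would create from the fragment.

    A safe rendering of a single link yields only ['a'] or ['span']."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print("vulnerable:", tag_names(render_link_vulnerable(url)))
        print("safe:      ", tag_names(render_link_safe(url)))
```

The parse-based check is the useful part for a reviewer: rather than grepping output for `<script>`, it asks what elements the markup actually produces, which also catches injected tags other than script.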
Screenshot:



Vendor response rate
The vulnerability was fixed 2 hours after it was reported. Excellent - 5 twits.
