Wednesday, July 29, 2009

MoTB #28: Reflected XSS vulnerability in tweetburner

What is tweetburner
"Tracking the links that you share on Twitter" (tweetburner home page)


Twitter effect
tweetburner can be used to send tweets containing the shortened URLs through a form on its website.
tweetburner uses username/password authentication in order to utilize the Twitter API.


Popularity rate
Yet another Twitter shortening service. Not as popular as others in this market - 2 twits


Vulnerability: Reflected Cross-Site Scripting in the shortened URL creation page.
Status: Unpatched.
Details: The tweetburner shortened URL creation page does not HTML-encode the value of the "url" parameter before reflecting it into the page, which allows the injection of scripts.
This vulnerability can be used by an attacker to send tweets on behalf of their victims.
Proof-of-Concept: http://tweetburner.com/links/create?url=%3Cscript%3Ealert(%22xss%22)%3C/script%3E
Screenshot:



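The defect described in the details above, as an added example (not tweetburner's own code): a hypothetical page renderer that reflects the "url" parameter unencoded, beside a hardened version that HTML-escapes the value and only links http(s) URLs. The markup, function names and the `is_safe_link` check are assumptions; the payload is the post's PoC, URL-decoded.

```python
import html
from urllib.parse import urlsplit

# The page's own PoC value for the "url" parameter, URL-decoded.
POC_PAYLOAD = '<script>alert("xss")</script>'


def render_vulnerable(url: str) -> str:
    """Reflects the submitted url into the page with no output encoding.
    Hypothetical markup reproducing the defect class the post reports."""
    return f'<p>Shortened link for: <a href="{url}">{url}</a></p>'


def is_safe_link(url: str) -> bool:
    """Attribute context: escaping alone does not stop a javascript: URL
    placed in href, so additionally require an http(s) scheme and a host."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render_hardened(url: str) -> str:
    """Context-aware output: HTML-escape (quote=True also covers the
    attribute value) and refuse to link anything that is not http(s)."""
    shown = html.escape(url, quote=True)
    if is_safe_link(url):
        return f'<p>Shortened link for: <a href="{shown}">{shown}</a></p>'
    return f'<p>Rejected value (not an http(s) URL): {shown}</p>'


def reflects_script(page: str) -> bool:
    """Detection helper for a response body: did a raw <script> tag
    survive into the rendered page?"""
    return "<script" in page.lower()
```

Running `render_vulnerable(POC_PAYLOAD)` returns the raw `<script>` tag in the response, while `render_hardened` returns only `&lt;script&gt;...` text.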
Vendor response rate
The vendor did not respond to any of the emails I sent during the past week - 0 twits.

2 Comments:

Blogger Michiel said...

Hi!

That doesn't look very nice indeed. I'm quite close to the Tweetburner team and I'm sure they would have fixed the problem if they got your messages, so for some reason I assume something went wrong there. I'll try to bump them as well.

Thanks for (ab)using Tweetburner and getting this problem to daylight ;)

July 30, 2009 11:03 AM  
Anonymous Tweetburner said...

Hi,

Thanks for making us aware of this. We have fixed it.

regards,

Tweetburner

July 30, 2009 3:10 PM  
