Sunday, July 19, 2009

MoTB #19: CSRF+XSS vulnerabilities in Talker

What is Talker
Talker is a Hebrew-language theme (front end) for Israeli Twitter users (Talker home page).


Twitter effect
Talker can be used to send tweets and direct messages and to follow/unfollow other Twitter users.
Talker authenticates to the Twitter API with OAuth.


Popularity rate
Even though it is operated by one of the biggest Israeli portals and TV channels (Nana10), it has only several thousand users - 1 twit.


Vulnerabilities:
1) Cross-Site Request Forgery in the update forms
Status: Patched.
Details: Talker's update forms did not include an authenticity token, so the server could not verify that a submitted HTTP request actually originated from the Talker web application rather than from a page on another site.
This vulnerability could have been used by an attacker to send tweets on behalf of the victims.

2) Reflected POST Cross-Site Scripting in the Subject page.
Status: Patched.
Details: Talker's subject page echoed the subject query-string parameter into the HTML response without encoding HTML entities, which allowed script injection.
This vulnerability could have been used by an attacker to automatically send tweets or direct messages, or to follow/unfollow other Twitter users, on behalf of the victims.
Screenshot:
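The two fixes the vendor needed are the standard ones: a per-session authenticity token that the update form must carry and the server must verify, and HTML-encoding of the reflected subject parameter. The Python sketch below is an added example, not code from Talker or from the original post; the handler names, the session id, the "authenticity_token" field name and the request bodies are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import html
import secrets
from urllib.parse import parse_qs

# Constructed server secret; a real deployment keeps this out of source control.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Derive a per-session authenticity token as HMAC(secret, session_id).

    The token is embedded in Talker-style update forms as a hidden field.
    A page on another origin cannot read it (same-origin policy), so a
    cross-site form post cannot supply a valid value.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def valid_csrf_token(session_id: str, submitted: str) -> bool:
    # Constant-time comparison avoids leaking the token byte by byte.
    return hmac.compare_digest(issue_csrf_token(session_id), submitted or "")


def handle_update_vulnerable(session_id: str, body: str) -> dict:
    """Vulnerable pattern: any authenticated POST with a status is accepted.

    Because the browser attaches the victim's cookies automatically, a form
    auto-submitted from another site is indistinguishable from a real one.
    """
    fields = parse_qs(body)
    status = fields.get("status", [""])[0]
    return {"ok": True, "tweet": status}


def handle_update_hardened(session_id: str, body: str) -> dict:
    """Hardened pattern: reject the request unless the token matches the session."""
    fields = parse_qs(body)
    token = fields.get("authenticity_token", [""])[0]
    if not valid_csrf_token(session_id, token):
        return {"ok": False, "error": "missing or invalid authenticity token"}
    status = fields.get("status", [""])[0]
    return {"ok": True, "tweet": status}


def render_subject_vulnerable(subject: str) -> str:
    """Vulnerable pattern: the query-string value is reflected verbatim."""
    return f"<h1>Subject: {subject}</h1>"


def render_subject_hardened(subject: str) -> str:
    """Hardened pattern: encode HTML entities (including quotes) before reflecting."""
    return f"<h1>Subject: {html.escape(subject, quote=True)}</h1>"


if __name__ == "__main__":
    # Constructed victim session and a cross-site POST that carries no token.
    victim = "session-abc123"
    forged_body = "status=posted+without+consent"
    print(handle_update_vulnerable(victim, forged_body))   # accepted
    print(handle_update_hardened(victim, forged_body))     # rejected

    # The legitimate form, rendered by the app itself, includes the token.
    genuine_body = f"status=hello&authenticity_token={issue_csrf_token(victim)}"
    print(handle_update_hardened(victim, genuine_body))    # accepted

    # Constructed subject value containing markup.
    print(render_subject_vulnerable("<b>x</b>"))
    print(render_subject_hardened("<b>x</b>"))
```

Note that the token is bound to the session, so a token harvested from the attacker's own session does not validate for the victim's; and because the reflected XSS in the subject page runs inside the victim's origin, it could read the token and defeat the CSRF protection, which is why both issues had to be fixed together.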



Vendor response rate
The vulnerabilities were fixed 4 days after they had been reported to the vendor. Moderate - 3 twits.
