Wednesday, July 29, 2009

MoTB #29: Reflected XSS in

What is
"Share stock charts on Twitter" ( home page)

Twitter effect
The service can be used to send tweets and follow other Twitter users. It uses the OAuth authentication method in order to utilize the Twitter API.

Popularity rate
A not-so-popular alternative to StockTwits - 1 twit

Vulnerability: Reflected Cross-Site Scripting in the Search page.
Status: Unpatched.
Details: The search page does not encode HTML entities in the "q" variable before reflecting it into the response, which allows the injection of scripts.
This vulnerability can be used by an attacker to send tweets on behalf of its victims.
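To make the defect concrete, here is an added example (not the affected site's code, whose stack the post does not describe): a minimal Python search page that reflects the "q" variable once without HTML-entity encoding and once with it, plus a small check a tester can run on any rendered page to confirm the value comes back encoded.

```python
"""Added example, not the vulnerable site's code: a search page that
reflects the "q" variable, in the unencoded form described above and in
an HTML-entity-encoded form, with a check to confirm the fix."""
import html
from urllib.parse import parse_qs

PAGE = '<h1>Search results</h1><p>You searched for: {q}</p>'


def get_q(query_string: str) -> str:
    """Extract the 'q' variable from a raw query string (first value, or '')."""
    return parse_qs(query_string, keep_blank_values=True).get("q", [""])[0]


def render_unencoded(query_string: str) -> str:
    """Vulnerable form: 'q' is concatenated into the HTML as-is."""
    return PAGE.format(q=get_q(query_string))


def render_encoded(query_string: str) -> str:
    """Hardened form: every HTML metacharacter in 'q' becomes an entity
    (&lt; &gt; &amp; &quot; &#x27;), so the browser renders it as text."""
    return PAGE.format(q=html.escape(get_q(query_string), quote=True))


def reflected_raw(page: str, value: str) -> bool:
    """Verification check: True if the submitted value appears in the page
    with at least one HTML metacharacter still unencoded."""
    if not any(c in value for c in '<>&"\''):
        return False  # nothing in the value needed encoding
    return value in page


if __name__ == "__main__":
    # Constructed test input: a harmless tag-shaped probe, not an attack string.
    probe = "q=%3Cb%3Eprobe%3C%2Fb%3E"
    print(render_unencoded(probe))  # <b>probe</b> reaches the browser as markup
    print(render_encoded(probe))    # &lt;b&gt;probe&lt;/b&gt; is shown as text
```

The same `reflected_raw` check applied to a live response is the quickest way to confirm whether a vendor patch actually encodes the parameter.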

Vendor response rate
The vendor did not respond to any of the emails I sent during the past week - 0 twits.

