MoTB #11: Twitturly Persistent XSS
What is Twitturly
"Twitturly tracks the URLs flying around the Twitterverse and provides a quick, real-time view of what people are talking about on Twitter." (Twitturly about page)
Twitter effect
Twitturly can be used to send tweets to other Twitter users.
Twitturly is using Username/Password authentication in order to utilize the Twitter API.
Popularity rate
19th place in the Top 100 Twitter services of The Museum of Modern Betas Labs - 4 twits
Vulnerability: Persistent Cross-Site in Twitturly URLs view page.
Status: Patched.
Details: Twitturly did not encode HTML entities in the un-shortened URLs it displays, which could have allowed the injection of scripts.
This vulnerability could have allowed an attacker to send tweets on behalf of its victims.
Screenshot:
Vendor response rate
The vulnerability was fixed 2 hours after it has been reported. Excellent - 5 twits.
"Twitturly tracks the URLs flying around the Twitterverse and provides a quick, real-time view of what people are talking about on Twitter." (Twitturly about page)
Twitter effect
Twitturly can be used to send tweets to other Twitter users.
Twitturly is using Username/Password authentication in order to utilize the Twitter API.
Popularity rate
19th place in the Top 100 Twitter services of The Museum of Modern Betas Labs - 4 twits
Vulnerability: Persistent Cross-Site in Twitturly URLs view page.
Status: Patched.
Details: Twitturly did not encode HTML entities in the un-shortened URLs it displays, which could have allowed the injection of scripts.
This vulnerability could have allowed an attacker to send tweets on behalf of its victims.
Screenshot:
Vendor response rate
The vulnerability was fixed 2 hours after it has been reported. Excellent - 5 twits.
0 Comments:
Post a Comment
<< Home