Twitter Open Redirection Vulnerability
1. Advisory Information
Advisory ID: BONSAI-2010-0108
Date published: 2010-08-03
Vendors contacted: Twitter
Release mode: Coordinated release
2. Vulnerability Information
Class: Unvalidated Redirects and Forwards
Remotely Exploitable: Yes
Locally Exploitable: Yes
3. Software Description
Twitter is a rich source of instant information. Stay updated. Keep others updated. It's a whole thing.
4. Vulnerability Description
An open redirect is an application flaw in which a request parameter is used as the target of a redirect without any validation, so a user is sent to whatever location the parameter names. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.
5. Vulnerable packages
Twitter < Mon Aug 2, 2010
6. Non-vulnerable packages
Twitter >= Mon Aug 2, 2010
7. Credits
These vulnerabilities were discovered by Nahuel Grisolia ( nahuel at bonsai-sec.com ).
8. Technical Description
Twitter was prone to an open redirection vulnerability because the software failed to adequately sanitize user-supplied input. The following proof of concept is given. Without a valid Twitter session, browse to:
https://twitter.com/login?redirect_after_login=http://www.bonsai-sec.com
After a successful login, the user will be forwarded to http://www.bonsai-sec.com.
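The fix for this class of bug is to honour redirect_after_login only when the target stays on the application's own origin. The following is an added example of such a check (not Twitter's code and not part of the advisory); twitter.com is used as the assumed application host, and the inputs in the docstring are constructed to mirror the proof of concept above.

```python
from urllib.parse import urlsplit

# Assumed application host (placeholder for whatever host the app really serves).
APP_HOST = "twitter.com"
DEFAULT_PATH = "/"


def safe_redirect_target(value, app_host=APP_HOST, default=DEFAULT_PATH):
    """Return a redirect target that stays on app_host, or `default`.

    The vulnerable pattern is `Location: <raw redirect_after_login value>`.
    Here the value is honoured only when it is a plain local path or an
    https URL whose host is exactly app_host. Anything else falls back to
    `default`: other hosts, scheme-relative '//host', 'javascript:',
    backslash variants, and header-injection attempts (CR/LF).
    Example: 'http://www.bonsai-sec.com' -> '/', '/home' -> '/home'.
    """
    if not isinstance(value, str) or not value:
        return default
    # Reject control characters before parsing: urlsplit() silently drops
    # tab/CR/LF, which would otherwise hide a Location-header injection.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default
    # Browsers treat '\' like '/' in URLs, so normalise before parsing.
    parts = urlsplit(value.replace("\\", "/"))
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: allow only https to exactly our host
        # (strict netloc comparison also rejects 'user@host' and 'host:port').
        if parts.scheme != "https" or parts.netloc.lower() != app_host:
            return default
        path = parts.path or "/"
    else:
        path = parts.path
    # A local path must be rooted with a single '/'; '//' would be read by the
    # browser as scheme-relative and leave the site.
    if not path.startswith("/") or path.startswith("//"):
        return default
    target = path
    if parts.query:
        target += "?" + parts.query
    return target  # fragment is deliberately dropped
```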
9. Report Timeline
- 2010-07-01: Vulnerability was identified.
- 2010-07-06: First answer from Twitter.
- 2010-07-06 to 2010-08-02: Multiple emails from Bonsai Research Team. No answer was given.
- 2010-08-02: Twitter sent us an email stating that the vulnerability was patched.
- 2010-08-03: Public Disclosure.
10. About Bonsai
Bonsai is a company involved in providing professional computer information security services. Currently a sound growth company, since its foundation in early 2009 in Buenos Aires, Argentina, we are fully committed to quality service, and focused on our customers' real needs.
11. Disclaimer
The contents of this advisory are copyright (c) 2010 Bonsai Information Security, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.
12. Research
http://www.bonsai-sec.com/en/research/vulnerability.php
13. Blog Post
http://www.bonsai-sec.com/blog/index.php/twitter-open-redirection-vulnerability/