Message-ID: <4C5856F6.8030207@bonsai-sec.com>
Date: Tue, 03 Aug 2010 14:50:46 -0300
From: Bonsai Information Security Advisories <advisories@...sai-sec.com>
To: undisclosed-recipients:;
Subject: Bonsai Information Security - Twitter Open Redirection Vulnerability

Twitter Open Redirection Vulnerability

1. Advisory Information
Advisory ID: BONSAI-2010-0108
Date published: Tue Aug 3, 2010
Vendors contacted: Twitter
Release mode: Coordinated release

2. Vulnerability Information
Class: Unvalidated Redirects and Forwards
Remotely Exploitable: Yes
Locally Exploitable: Yes

3. Software Description
Twitter is a rich source of instant information. Stay updated. Keep
others updated. It's a whole thing.

4. Vulnerability Description
An open redirect occurs when an application takes a URL from a request
parameter and redirects the user to it without validating the target.
Such redirects are used in phishing attacks: a link that starts on a
trusted domain ends on an attacker-controlled site, and the user does
not notice the hop.

5. Vulnerable packages
Twitter < Mon Aug 2, 2010

6. Non-vulnerable packages
Twitter >= Mon Aug 2, 2010

7. Credits
This vulnerability was discovered by Nahuel Grisolia ( nahuel at
bonsai-sec.com ).

8. Technical Description
Twitter was prone to an open redirection vulnerability because the
login page did not validate the user-supplied redirect_after_login
parameter before redirecting to it.
Proof of concept: without a valid Twitter session, browse to:

https://twitter.com/login?redirect_after_login=http://www.bonsai-sec.com

After a successful login, the user will be forwarded to
http://www.bonsai-sec.com
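A same-site check for a post-login redirect parameter, added here as an illustrative example; it is not Twitter's code nor the fix Twitter applied, and the function name and the allowed host are assumptions. It accepts only a relative path or an https URL on the site's own host, and reduces the latter to a path so the Location header can never point off-site:

```ruby
require 'uri'

# Accept only a root-relative path that does not start with "//" or "/\"
# (both are treated as protocol-relative URLs by browsers).
SAFE_PATH = %r{\A/(?![/\\])[^\r\n]*\z}

# Hypothetical validator for a redirect_after_login style parameter.
# Returns a safe same-site path, or +fallback+ when the value would
# send the user off-site or is malformed.
def safe_redirect_target(param, allowed_host: "twitter.com", fallback: "/")
  return fallback if param.nil? || param.empty?
  # CR/LF would allow response header injection; backslashes are
  # normalised to slashes by some browsers, so reject both outright.
  return fallback if param.match?(/[\r\n\\]/)

  begin
    uri = URI.parse(param)
  rescue URI::InvalidURIError
    return fallback
  end

  # A bare relative path ("/home") is the only form passed through as-is.
  if uri.scheme.nil? && uri.host.nil?
    return param.match?(SAFE_PATH) ? param : fallback
  end

  # Anything with a scheme or host must be https on our own host.
  # "//evil.example" (scheme nil, host set) and
  # "https://twitter.com@evil.example" (host evil.example) both fail here.
  return fallback unless uri.scheme == "https" && uri.host == allowed_host

  path = uri.path.empty? ? "/" : uri.path
  path += "?#{uri.query}" if uri.query
  path
end
```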

9. Report Timeline
* 2010-07-01 / Vulnerability was identified
* 2010-07-06 / First answer from Twitter.
* 2010-07-06 to 2010-08-02 / Multiple emails from Bonsai Research Team.
No answer was given.
* 2010-08-02 / Twitter sent us an email stating that the vulnerability
was patched.
* 2010-08-03 / Public Disclosure.

10. About Bonsai
Bonsai is a company providing professional information security
services. Founded in early 2009 in Buenos Aires, Argentina, and growing
steadily since, we are fully committed to quality service and focused on
our customers' real needs.

11. Disclaimer
The contents of this advisory are copyright (c) 2010 Bonsai Information
Security, and may be distributed freely provided that no fee is charged
for this distribution and proper credit is given.

12. Research
http://www.bonsai-sec.com/en/research/vulnerability.php

13. Blog Post
http://www.bonsai-sec.com/blog/index.php/twitter-open-redirection-vulnerability/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
