Twitter Vulnerability Allows Hacker to Delete Credit Cards from Any Twitter Account

Just a month ago, the microblogging site Twitter started its bug bounty program, the kind of program that has helped many firms and organisations address their security concerns. Once the disclosure program was in place, security researchers began testing Twitter in an ethical manner, and now one researcher has come forward with a notable finding.

Egyptian security researcher Ahmed Mohamed Hassan Aboul-Ela discovered a critical vulnerability in Twitter's advertising service that allowed him to delete credit cards from any Twitter account.

Aboul-Ela discovered two vulnerabilities, both with the same impact and both on the Twitter Ads site (ads.twitter.com). The first was in the Delete function for credit cards on the payment methods page, https://ads.twitter.com/accounts/[account id]/payment_methods

Choosing "Delete this card" sends an AJAX POST request to the server. Two parameters in that request are worth noticing: account=18ce53wqoxd&id=219643. Here account is the user's Twitter Ads account id and id is the credit card id, which is purely numeric with no alphabetic characters, so it is easy to guess or enumerate. The server acted on these client-supplied identifiers without checking that they belonged to the logged-in user, a classic insecure direct object reference (IDOR).

As Aboul-Ela wrote: "All I had to do was change those two parameters to my other Twitter account id and credit card id, then replay the request again, and I suddenly found that the credit card had been deleted from the other Twitter account without any required interaction."
The page responded with "403 Forbidden", but the credit card really was deleted from the account: the error status was no protection, because the deletion had already happened.

The second vulnerability was similar to the first but had a higher impact. When he tried to add an invalid credit card to his Twitter account, the error message "We were unable to approve the card you entered" was displayed together with a "Dismiss" button. Clicking that button made the credit card disappear from his account.

This time the request carried the following parameters:
utf8=%E2%9C%93&authenticity_token=Lb6HONDceN5mGvAEUvCQNakJUspD60Odumz%2FtrVdQfE%3D&id=220152&dismiss=Dismiss

This time there is no account parameter at all; only the credit card id is used, so an attacker needs nothing more than a card id. He modified the credit card id in both the URL and the body to the id of a card from his other Twitter account and replayed the request. The card was deleted from the other account. The endpoint identified the card by id alone, so any valid id deleted that card regardless of who owned it; tying the card to an account controlled by the session user was the missing check.
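Both flaws are the same mistake: the server acted on a client-supplied card id without first verifying that the card belongs to an account the logged-in user controls. The following Python model is added here as an illustration and is not Twitter's code or Aboul-Ela's PoC. It reproduces the behaviour described above for both endpoints (the delete request with account and id, and the Dismiss request with id only) next to hardened versions that authorise before mutating. The "403 but already deleted" outcome is modelled as an ownership check that runs after the delete; that ordering is an assumption, since the article does not say why the 403 was returned. The usernames, account ids (acct_attacker, acct_victim), card ids (1001, 2002) and the in-memory store are all constructed.

```python
"""Model of the ads.twitter.com card-deletion IDOR (constructed example).

Not Twitter's code and not the researcher's PoC: every name, id and
function here is invented to illustrate the missing authorization check.
"""
from dataclasses import dataclass


@dataclass
class Store:
    accounts: dict  # ads account id -> username of the user who owns it
    cards: dict     # credit card id -> ads account id the card belongs to


def make_store() -> Store:
    """Constructed sample data: an attacker and a victim, one card each."""
    return Store(
        accounts={"acct_attacker": "attacker", "acct_victim": "victim"},
        cards={1001: "acct_attacker", 2002: "acct_victim"},
    )


# --- vulnerable handlers (behaviour as the article describes it) --------

def delete_card_vulnerable(store: Store, session_user: str,
                           account_id: str, card_id: int) -> int:
    """Delete request with account=&id= parameters.

    The row is removed by card id alone; the ownership check runs only
    afterwards, so the caller gets 403 but the card is already gone.
    (Assumption: this ordering is one way to get the 403-yet-deleted
    result the article reports; the real cause is not stated.)
    """
    if card_id not in store.cards:
        return 404
    del store.cards[card_id]                      # mutation first: the bug
    if store.accounts.get(account_id) != session_user:
        return 403                                # too late to matter
    return 200


def dismiss_card_vulnerable(store: Store, session_user: str,
                            card_id: int) -> int:
    """The Dismiss request: no account parameter, only id=.  Whatever card
    id the client supplies is deleted, whoever owns it."""
    if card_id not in store.cards:
        return 404
    del store.cards[card_id]
    return 200


# --- hardened handlers ---------------------------------------------------

def delete_card_fixed(store: Store, session_user: str,
                      account_id: str, card_id: int) -> int:
    """Authorize before mutating, and bind the card to the account: the
    account must belong to the session user AND the card must belong to
    that account.  A card outside the account is answered with 404, not
    403, so other users' card ids cannot be confirmed by probing."""
    if store.accounts.get(account_id) != session_user:
        return 403
    if store.cards.get(card_id) != account_id:
        return 404
    del store.cards[card_id]
    return 200


def dismiss_card_fixed(store: Store, session_user: str, card_id: int) -> int:
    """With no account parameter, derive ownership server-side from the
    card record and the session, never from anything in the request."""
    owner_account = store.cards.get(card_id)
    if owner_account is None or store.accounts.get(owner_account) != session_user:
        return 404
    del store.cards[card_id]
    return 200


def victim_card_survives(handler, *args) -> bool:
    """Replay an attacker's request against a fresh store and report
    whether the victim's card (2002) is still there afterwards."""
    store = make_store()
    handler(store, "attacker", *args)
    return 2002 in store.cards


if __name__ == "__main__":
    # The attacker replays each request with the victim's identifiers.
    print("delete (vulnerable):", victim_card_survives(
        delete_card_vulnerable, "acct_victim", 2002))   # False: card gone
    print("delete (fixed):     ", victim_card_survives(
        delete_card_fixed, "acct_victim", 2002))        # True
    print("dismiss (vulnerable):", victim_card_survives(
        dismiss_card_vulnerable, 2002))                 # False: card gone
    print("dismiss (fixed):    ", victim_card_survives(
        dismiss_card_fixed, 2002))                      # True
```

The two fixed handlers show the general rule behind both bugs: every object id that arrives from the client is resolved to its owner on the server and compared against the session before any write, and the check for the id-only endpoint is no weaker than the one for the endpoint that also carries an account id.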

To demonstrate the vulnerability, Aboul-Ela published a PoC video.