MoTB #15: CSRF+XSS vulnerabilities in Slandr

What is Slandr
“Slandr delivers an enhanced mobile site for twitter, with: replies, direct messaging, etc.” (Slandr about page)

Twitter effect
Slandr can be used to send tweets and direct messages and to follow/unfollow other Twitter users.
Slandr authenticates to the Twitter API with the user's Twitter username and password.

Popularity rate
27th place among the most used Twitter clients, according to “TwitStats” – 3 twits

Vulnerabilities:
1) Cross-Site Request Forgery in the main update page
Status: Patched.
Details: The Slandr index.php page did not use an authenticity code (anti-CSRF token) to verify that the HTTP POST originated from the Slandr web application itself, rather than from a form on a third-party site.
This vulnerability could have been used by an attacker to send tweets on behalf of the victim.
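As an added illustration, not Slandr's own code (which this post does not show), the following Python models the missing check: a per-session authenticity token is embedded in the update form and verified on every POST, shown beside a handler that accepts any POST the way the unpatched index.php did. The session object, the form field names and the `/index.php` path are assumptions.

```python
import hmac
import secrets

TOKEN_FIELD = "authenticity_token"  # assumed name of the hidden form field


def issue_csrf_token(session):
    """Create a fresh random token and bind it to the server-side session."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def render_update_form(session):
    """Render the status-update form with the session's token as a hidden field."""
    token = session.get("csrf_token") or issue_csrf_token(session)
    return (
        '<form method="POST" action="/index.php">'
        f'<input type="hidden" name="{TOKEN_FIELD}" value="{token}">'
        '<textarea name="status"></textarea>'
        '<button type="submit">Update</button>'
        "</form>"
    )


def handle_update_unprotected(session, form):
    """Models the unpatched behaviour: the status is accepted on the strength of
    the session cookie alone, so a form submitted from another site succeeds."""
    return 200, f"tweet posted: {form.get('status', '')}"


def handle_update_protected(session, form):
    """Hardened handler: reject the POST unless it carries the token issued to
    this session. compare_digest avoids leaking the token through timing."""
    expected = session.get("csrf_token")
    supplied = form.get(TOKEN_FIELD, "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403, "authenticity token missing or invalid"
    return 200, f"tweet posted: {form.get('status', '')}"


def simulate():
    """Walk a cross-site POST through both handlers (constructed data)."""
    session = {}
    render_update_form(session)  # the victim loaded the genuine form earlier
    forged = {"status": "posted by a third-party page"}  # no token, as in a CSRF
    genuine = {"status": "hello", TOKEN_FIELD: session["csrf_token"]}
    return {
        "unprotected_forged": handle_update_unprotected(session, forged)[0],
        "protected_forged": handle_update_protected(session, forged)[0],
        "protected_genuine": handle_update_protected(session, genuine)[0],
    }


if __name__ == "__main__":
    print(simulate())
```

The token only works because it is unguessable and tied to the session; a third-party page can make the victim's browser send the cookie, but cannot read the token out of the genuine form.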

2) Reflected POST Cross-Site Scripting in the Search page.
Status: Patched.
Details: The Slandr search page did not HTML-encode the value of the “search” form field before reflecting it into the page, which allowed the injection of scripts.
This vulnerability could have been used by an attacker to automatically send tweets, send direct messages or follow/unfollow other Twitter users on behalf of the victim.
Proof-of-Concept: http://tweetmeme.com/search.php?for=%3C/title%3E%3Cscript%3Ealert(%22xss%22);%3C/script%3E%3Ctitle%3E
Screenshot:
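As an added example, not code from Slandr or from this post, the following Python reproduces the defect described above beside its fix: the search parameter is reflected into the page's `<title>` once verbatim and once HTML-entity-encoded, using the payload from the proof-of-concept URL on a constructed placeholder host. The page template around the reflected value and the `for` parameter name are taken from the PoC URL's shape and are assumptions; only the payload itself comes from the post.

```python
import html
from urllib.parse import unquote, urlsplit

# Constructed URL: placeholder host, payload copied from the proof-of-concept above.
POC_URL = ("http://search.example.invalid/search.php?for="
           "%3C/title%3E%3Cscript%3Ealert(%22xss%22);%3C/script%3E%3Ctitle%3E")


def search_term_from_url(url, param="for"):
    """Extract and URL-decode one query parameter. Splits on '&' only, so the
    ';' inside the payload stays part of the value."""
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        if name == param:
            return unquote(value)
    return ""


def render_search_vulnerable(term):
    """Assumed shape of the unpatched page: the term lands in <title> verbatim,
    so a '</title>' in it closes the element and the script after it executes."""
    return f"<html><head><title>Search: {term}</title></head><body></body></html>"


def render_search_fixed(term):
    """Same template with the term HTML-entity-encoded before reflection."""
    safe = html.escape(term, quote=True)
    return f"<html><head><title>Search: {safe}</title></head><body></body></html>"


def contains_script_element(page):
    """Crude check for the demonstration only: does a live <script> tag survive?"""
    return "<script>" in page.lower()


def demo():
    term = search_term_from_url(POC_URL)
    return {
        "decoded_term": term,
        "vulnerable_executes": contains_script_element(render_search_vulnerable(term)),
        "fixed_executes": contains_script_element(render_search_fixed(term)),
    }


if __name__ == "__main__":
    print(demo())
```

Encoding at the point of output is what closes the hole: the decoded term still contains the `</title><script>` sequence, but once `<`, `>` and `"` become `&lt;`, `&gt;` and `&quot;` the browser renders it as text inside the title instead of parsing it as markup.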

Vendor response rate
The vendor has published a blog post about these vulnerabilities.
The vulnerabilities were fixed 2 days after they were reported. Good – 4 twits.
