MoTB #18: Persistent XSS vulnerability in

What is
“ is an established URL shortening service that prepares great-looking short URLs for services like Twitter. If you send URLs out on Twitter, is not only the best name, it is one of the shortest.” ( about page)

Twitter effect can be used to send tweets with the shortened URLs through a form on their website. is using OAuth authentication method in order to utilize the Twitter API.

Popularity rate
Yet another Twitter shortening service. Not as popular as others in this market – 2 twits

Vulnerability: Persistent Cross-Site in Referrer statistics page.
Status: Unpatched.
Details: does not encode HTML entities of the referrer URLs
which can be easily manipulated by attackers, and can allow the injection of scripts.
This vulnerability can be used by an attacker to send tweets on behalf of its victims.
This vulnerability was submitted by Mike Bailey.

Vendor response rate
The vendor did not respond to any of the emails I sent during the past week – 0 twits.

Share with your friends!
  • Facebook
  • Twitter
  • Google Plus
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Comments are closed.