MoTB #28: Reflected XSS vulnerability in tweetburner

What is tweetburner
“Tracking the links that you share on Twitter” (tweetburner home page)

Twitter effect
tweetburner can be used to send tweets containing the shortened URLs through a form on its website.
tweetburner uses Username/Password authentication in order to utilize the Twitter API.

Popularity rate
Yet another Twitter shortening service. Not as popular as others in this market – 2 twits

Vulnerability: Reflected Cross-Site Scripting in the shortened URL creation page.
Status: Unpatched.
Details: The tweetburner shortened URL creation page does not encode HTML entities in the “url” variable, which can allow the injection of scripts.
This vulnerability can be used by an attacker to send tweets on behalf of its victims.
Proof-of-Concept: http://tweetburner.com/links/create?url=%3Cscript%3Ealert(%22xss%22)%3C/script%3E
Screenshot:
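To show the bug class concretely, here is an added example (hypothetical rendering code, not tweetburner's own) that takes the proof-of-concept URL above, extracts the "url" parameter as the server would see it, and renders it once unencoded and once entity-encoded; the scheme check is an extra mitigation for the place the value is later emitted as a link.

```python
"""Reflected XSS via an unencoded "url" query parameter, vulnerable and fixed.
Hypothetical rendering code; only the standard library is used."""
from html import escape
from urllib.parse import parse_qs, urlsplit

# The proof-of-concept request from the advisory, used here as sample input.
POC_URL = ("http://tweetburner.com/links/create"
           "?url=%3Cscript%3Ealert(%22xss%22)%3C/script%3E")


def url_param(request_url: str) -> str:
    """Return the percent-decoded 'url' query parameter (what the app receives)."""
    query = parse_qs(urlsplit(request_url).query)
    return query.get("url", [""])[0]


def render_vulnerable(url: str) -> str:
    """Echo the parameter straight into the page (the behaviour in the advisory).
    A <script> tag in 'url' lands in the HTML body verbatim and executes."""
    return (f"<p>Tracking link for {url}</p>"
            f'<input name="url" value="{url}">')


def render_fixed(url: str) -> str:
    """Entity-encode before reflecting. quote=True also encodes the quotes,
    which matters for the attribute context of the <input> value."""
    safe = escape(url, quote=True)
    return (f"<p>Tracking link for {safe}</p>"
            f'<input name="url" value="{safe}">')


def is_web_url(url: str) -> bool:
    """Second, independent check for wherever the value becomes an href:
    accept only absolute http(s) URLs, so a javascript: value never becomes a link."""
    parts = urlsplit(url)
    return parts.scheme.lower() in ("http", "https") and bool(parts.netloc)


def has_raw_script_tag(html: str) -> bool:
    """Crude detector used to compare the two renderings: did a literal <script>
    tag survive into the markup?"""
    return "<script>" in html.lower()


if __name__ == "__main__":
    injected = url_param(POC_URL)
    print("vulnerable:", render_vulnerable(injected))
    print("fixed:     ", render_fixed(injected))
```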

Vendor response rate
The vendor did not respond to any of the emails I sent during the past week – 0 twits.
