Prior to being fixed earlier this year, a flaw in Twitter could have allowed an attacker to tweet as any user.
Twitter was quick to resolve the issue, fixing it three days after the researcher, a bug hunter who goes by the handle Kedrisch, reported it via HackerOne. Kedrisch discovered the vulnerability in February and was awarded a $7,560 bounty days later, in March. The researcher published details on the flaw earlier this month, but the HackerOne ticket wasn't made public until Monday.
Submit tweets through another user. Write-up https://t.co/5hDenQWAc1 . Thanks @Hacker0x01 and @twitter. #BugBounty #writeup #hackerone
— kedrisec (@kedrisec) May 4, 2017
The vulnerability was tied to Twitter's ad platform, ads.twitter.com, a self-service platform that allows businesses to promote tweets and accounts and to run display advertising campaigns across the social network.
According to Kedrisch's writeup of the vulnerability, he was able to intercept a request and change two parameters, owner_id and user_id, to tweet as another user.
He received a handful of error messages at first but was eventually able to get a response indicating that his tweet had been successfully published. The vulnerability, at least initially, relied on the attacker uploading a media file, such as an image, into the tweets they wanted to send. According to Kedrisch, just having the image isn't enough: an attacker also needs the identifier associated with the image, a media_key, something that can be difficult to determine.
"The user which we use to make a publication must have a media file uploaded. Moreover, it's needed to know the media_key of this file, and it's almost impossible to reveal it by way of brute force, as it consists of 18 digits," Kedrisch wrote. "In my explorations I didn't find a 100% way to learn this media_key. There were always some restrictions and conditions which allow to get that media_key."
By uploading an image file and sharing it with a user, something Twitter Ads allows, Kedrisch realized he could perform the same attack without guessing that 18-digit code. Instead, he found he could intercept the same POST request that is sent to Twitter when a user tweets and swap out the Twitter handle.
Twitter marked the vulnerability as high severity, according to Kedrisch's HackerOne report.
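The flaw described above is an authorization bypass: the server let client-controlled body fields (owner_id and user_id) decide which account a tweet was posted as, and the media_key was the only thing standing between an attacker and another account. The following is an added example, not Kedrisch's proof of concept or any Twitter code; it models a minimal "publish" endpoint in the vulnerable shape beside a hardened version, fed the same tampered request an intercepting proxy would send. The account ids, the media table, the field names and the "shared_with" relation are all assumptions for illustration.

```python
# Added example (not from the original article, Kedrisch, or Twitter).
# Models the reported flaw: a publish endpoint that trusts owner_id/user_id
# from the request body, next to a fixed handler that takes the acting user
# from the authenticated session and does an object-level check on media_key.
# All identifiers and tables below are constructed sample data.

from dataclasses import dataclass, field

# Constructed sample data: two accounts and two uploaded media objects.
# The attacker owns one 18-digit media_key (they uploaded it, so they know it)
# and has shared that media with the victim, as the article describes.
ACCOUNTS = {1001: "attacker", 2002: "victim"}
MEDIA = {
    "123456789012345678": {"owner_id": 1001, "shared_with": {2002}},
    "987654321098765432": {"owner_id": 2002, "shared_with": set()},
}
PUBLISHED = []


@dataclass
class Request:
    session_user_id: int                       # identity proven by the session cookie
    form: dict = field(default_factory=dict)   # body fields an attacker can edit in a proxy


def publish_vulnerable(req):
    """Vulnerable shape: the acting account is whatever the body says it is."""
    media = MEDIA.get(req.form.get("media_key"))
    if media is None:
        return {"status": 400, "error": "unknown media_key"}
    # Flaw: user_id / owner_id come from the client, not from the session.
    tweet = {
        "as_user": int(req.form["user_id"]),
        "media_owner": int(req.form["owner_id"]),
        "text": req.form.get("text", ""),
    }
    PUBLISHED.append(tweet)
    return {"status": 200, "tweet": tweet}


def publish_fixed(req):
    """Hardened shape: actor from the session, media checked against that actor."""
    actor = req.session_user_id
    media = MEDIA.get(req.form.get("media_key"))
    if media is None:
        return {"status": 400, "error": "unknown media_key"}
    # Fix 1: any user_id / owner_id in the body is ignored outright.
    # Fix 2: object-level authorization on the media reference.
    if media["owner_id"] != actor and actor not in media["shared_with"]:
        return {"status": 403, "error": "media not accessible to this account"}
    tweet = {"as_user": actor, "media_owner": media["owner_id"],
             "text": req.form.get("text", "")}
    PUBLISHED.append(tweet)
    return {"status": 200, "tweet": tweet}


def tampered_request():
    """The request an intercepting proxy would send: attacker session, victim ids in body."""
    return Request(session_user_id=1001, form={
        "user_id": "2002",
        "owner_id": "2002",
        "media_key": "123456789012345678",   # attacker's own media, shared with 2002
        "text": "posted by the attacker",
    })


def demo():
    """Returns which account each handler posted the tampered request as."""
    req = tampered_request()
    vuln = publish_vulnerable(req)
    fixed = publish_fixed(req)
    return vuln["tweet"]["as_user"], fixed["tweet"]["as_user"]


if __name__ == "__main__":
    print(demo())
```

The check to carry away is the one in publish_fixed: the identity a tweet is posted as must come from the authenticated session, never from a body parameter, and every object reference (here the media_key) must be authorized against that identity rather than treated as a secret that is hard to guess.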
"This bug was patched immediately after being triaged and no evidence was found of the flaw being exploited by anyone other than the reporter," Twitter told Threatpost Wednesday.
According to Twitter's HackerOne page, the company has paid out $703,240 to researchers for bugs since launching its bug bounty program in May 2014. While Kedrisch's $7,560 bounty might seem low to some, it is in line with what the company typically pays for a "Critical Authentication Bypass" in Core Twitter: $7,500. Remote code execution vulnerabilities in the service can fetch up to twice that amount.