New Serious Vulnerability Found in Twitter - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner

Breaking

New Serious Vulnerability Found in Twitter

Ebrahim Hegazy is a Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter that allows an attacker to upload files of any extension including PHP.


Hegazy said The vulnerability allowed me to bypass this security check/validation and to successfully upload .htaccess and .php files to twimg.com server. twimg.com is working as a CDN (content delivery network) which mean that every time I upload a file it will be hosted on a different server/subdomain for twimg.com and twimg.com works as a CDN and so upload PHP files in this instance would not allow an attacker to execute commands on the server, but the vulnerability could allow the service to be employed as as a botnet command and control server and to host malicious code.

He was released a Video proof that is demonstarting the vulnerability allowed him to bypass security validation and an attacker can successfully upload the .htacces and .PHP files to twimg.com server.
Loading icon  Loading...


0:00 / 2:40

Hegazy also discovered a bug that could have been exploited to perform redirects of users to malicious websites. Both vulnerabilities have been mitigated by Twitter.
Twitter recognized the criticality of the unrestricted File upload Vulnerability and Hegazy name to their Hall of Fame and Hegazy also found an open redirection Vulnerability in Twitter on 15th Sept. that has been Fixed.
I would suggest to Twitter need to start the Big Bounty Program.

No comments:

Post a Comment