Twitter Vulnerability Allows Hacker to Delete Credit Card from Any Twitter Account

Twitter Ads network seems to be apparent danger. ย This was revealed by a Egyptian security researcherย 

Aboul-Ela discovered the Twitter hasย 

As per Aboul-Ela, the vulnerability is very critical and high risk because all whatโ€™s needed to delete credit card is to have the credit card identifier which consists only of 6 numbers such as โ€œ220152?.

Any blackhat hacker having prior knowledge of writing simple python code and using ย a simple six numbered loop ย can delete delete all credit cards from all Twitter accounts. ย If any such incident takes place, it will result in a heavy financial loss to Twitter.

I started looking again for some more critical bugs and i successfully found a serious logical vulnerability [insecure direct object reference] in ads.twitter.com that allowed me deleting credit cards from any Twitter account” he wrote.

FIRST VULNERABILITY:

The first vulnerability he spotted was in the delete functionality of credit cards in ‘Payments method’ page. Choosing the delete option in the ‘Payment methods sent a ajax post request to the server. This ajax code had only two parameters in it.

https://ads.twitter.com/accounts/[account id]/payment_methods

delete

Account:ย  the Twitter Account ID

ID : the credit cardย number

“All I had to do is to change those two parameters to my other twitter account id and credit card id , then reply again the requestย  and i suddenly found that credit card have been delete from the other twitter account without any required interaction .” he wrote.

Upon sending the altered ajax code to the Twitter sever, it returned a ย “403 forbidden”‘ error page, But Aboul-Ela says that the credit card actually got deleted in that attempt.

SECOND VULNERABILITY:

dismiss1

Subscribe to our newsletter

To be updated with all the latest news

Abhishek Kumar Jha
Abhishek Kumar Jha
Knowledge is Power

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post