

  1. Twitter Translation Center CSRF (Change Badge and Notification Settings)

    On 28th September 2012, I found a Cross-Site Request Forgery vulnerability on which is the Twitter Translation Center.

    While checking the service I landed up on the "Accounts Settings" page which looked like this.

    [Image: settings.jpg]

    So we have two options here: the first one toggles the Twitter Badge setting on, and the second one toggles the badge-related notification.

    POST request ...

    Updated 10-20-2012 at 11:20 AM by prakhar