
prakhar

  1. Twitter Translation Center CSRF (Change Badge and Notification Settings)

    On 28th September 2012, I found a Cross-Site Request Forgery vulnerability on http://translate.twttr.com, which is the Twitter Translation Center.

    While checking the service, I landed on the "Accounts Settings" page, which looked like this.


    [Image: settings.jpg]

    So we have two options here: the first one toggles the Twitter Badge setting on Twitter.com, and the second one toggles the badge-related notification.

    POST request ...

    Updated 10-20-2012 at 11:20 AM by prakhar
