Ahmed Mohamed Hassan Aboul-Ela, a security researcher, has just become richer by $2800.
The researcher had discovered a serious vulnerability in Twitter that let a user delete the credit cards stored on any account. He first noticed two separate flaws on the ads.twitter.com domain which, combined with a simple Python script, would have allowed an attacker to delete all stored credit cards and thereby stop the flow of ad traffic for Twitter, which would have resulted in a large financial loss for the company. “The impact of the vulnerability was very critical because all that is needed to delete credit cards is the credit card identifier which consists only of six numbers such as ‘220152’,” Aboul-Ela said.
The first flaw was in the “Delete this card” function of the credit card section on the payments page. Choosing “Delete this card” sends an Ajax POST request to the server whose only parameters are the Twitter account ID and the credit card identifier; the server deleted whichever card those two parameters named without checking that it belonged to the logged-in user.
Aboul-Ela stated that, “All I had to do is to change those two parameters to my other Twitter account ID and credit card ID, then replay the request, and I suddenly found that the credit card had been deleted from the other Twitter account without any required interaction.”
The second flaw was in the “Dismiss” option. When an invalid card number was entered, an error message was displayed with an option to dismiss the card, and clicking it removed the card from his account. This request carried only the credit card identifier, with no account ID at all, so he changed the card ID in the URL to the identifier of one of his own stored cards and replayed the request. That card was deleted as well. Aboul-Ela has also provided a YouTube video showing the second exploit in action.
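The two bugs are the same class of error, an insecure direct object reference: the server took the object to act on from the request and never checked that the caller owned it. The following toy Python model is an added illustration, not code from the article or from Twitter; the account IDs, card IDs and card data are constructed for the demo. It models both vulnerable handlers, a hardened one that derives ownership from the session, and the kind of short enumeration script the article says would wipe every card.

```python
"""Insecure direct object reference (IDOR) on a card-deletion endpoint.

Added example: a toy in-memory payments service modelling the two flaws
described above, beside a hardened handler. Account ids, card ids and
card data are constructed for the demo, not taken from Twitter.
"""
from dataclasses import dataclass


class NotFound(Exception):
    """Raised when a card cannot be deleted by this request."""


@dataclass
class Card:
    card_id: str      # six-digit identifier, in the style of the quoted "220152"
    account_id: str   # owning account
    last4: str        # constructed, for display only


def seed_db() -> dict:
    """Constructed sample data: two accounts, three stored cards."""
    cards = [
        Card("220152", "acct-A", "4242"),
        Card("220153", "acct-A", "0005"),
        Card("220154", "acct-B", "1111"),
    ]
    return {c.card_id: c for c in cards}


# --- Flaw 1: DELETE trusts a client-supplied account id -------------------
def vulnerable_delete(db, session_account, form):
    """Both account_id and card_id come from the POST body; the account that
    is actually logged in (session_account) is never consulted."""
    card = db.get(form["card_id"])
    if card is None or card.account_id != form["account_id"]:
        raise NotFound
    del db[card.card_id]
    return card.card_id


# --- Flaw 2: DISMISS keys only on the card id -----------------------------
def vulnerable_dismiss(db, session_account, card_id):
    """Only the card id is supplied and there is no ownership check at all."""
    card = db.pop(card_id, None)
    if card is None:
        raise NotFound
    return card.card_id


# --- Hardened handler ------------------------------------------------------
def hardened_delete(db, session_account, card_id):
    """The owner comes from the authenticated session, never from the
    request, and the card must belong to that account. 'Does not exist' and
    'not yours' produce the same error so the endpoint is not an oracle."""
    card = db.get(card_id)
    if card is None or card.account_id != session_account:
        raise NotFound
    del db[card_id]
    return card.card_id


def enumerate_and_delete(db, session_account, handler, id_space):
    """The 'simple script' any account holder could run against the single-
    parameter endpoint: try every identifier in the space. Returns the ids
    that were deleted."""
    deleted = []
    for n in id_space:
        try:
            deleted.append(handler(db, session_account, f"{n:06d}"))
        except NotFound:
            pass
    return deleted


if __name__ == "__main__":
    ids = range(220150, 220160)
    print("acct-B via vulnerable dismiss:",
          enumerate_and_delete(seed_db(), "acct-B", vulnerable_dismiss, ids))
    print("acct-B via hardened delete:   ",
          enumerate_and_delete(seed_db(), "acct-B", hardened_delete, ids))
```

Two details of the hardened version matter in practice. The ownership check must compare against the session, not against an account ID echoed back from the client, otherwise flaw 1 reappears; and because a six-digit identifier space is small enough to enumerate in minutes, the endpoint should also return an identical error for missing and foreign cards and be rate-limited, so that a replay script cannot even discover which IDs exist.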
He reported the flaws to Twitter immediately and was rewarded with $2,800 under the company's bug bounty program, which pays security researchers for reporting exploitable flaws in its systems.
