Hacker Reckz0r Finds Twitter Vulnerability

Hacker Reckz0r, who recently breached CNN's Web site, yesterday announced that he'd found a POST SQL injection vulnerability on Twitter's support Web site, but had "no malicious intentions" to exploit the flaw (h/t Cyber War News).

"I located a POST SQL vulnerability on support.twitter.com in their api_general form box, the box uses a 'referrer' parameter which is vulnerable, and by that. We can inject twitter, and possibly extract confidential data from Twitter," the hacker wrote in a Pastebin post. "It seems as most 'large' websites are vulnerable to this kind of attack, including m.facebook.com which was exploited by this vulnerability by some Argentinian hacker."

"The vulnerability lies in http://support.twitter.com/forms/submitted?regarding=api_general - You see, there might be dozens of vulnerabilities lying in support.twitter.com," the hacker added. "We can inject hidden boxes in this kind of atmosphere."