SQLi Vulnerability Exposed on Twitter Support
We have located a POST SQL injection vulnerability on support.twitter.com in their api_general form box. The box uses a 'referrer' parameter, which is vulnerable.
Through it, we can inject into Twitter and possibly extract confidential data from Twitter.
It seems that most 'large' websites are vulnerable to this kind of attack, including m.facebook.com, which was exploited through this vulnerability by some Argentinian hacker.
The vulnerability lies in:
You see, there might be dozens of vulnerabilities lying in support.twitter.com.
We can inject hidden boxes in this kind of atmosphere.