Wednesday, May 22, 2013

SQLi Exposed on Twitter Support #LulzVulnerabilities

 SQLi Vulnerability Exposed on Twitter Support

We have located a POST SQL vulnerability on in their api_general form box, the box uses a 'referrer' parameter which is vulnerable, and by that. 
We can inject twitter, and possibly extract confidental data from Twitter.

It seems as most 'large' websites are vulnerable to this kind of attack, including which was exploited by this vulnerability by some argentinian hacker.

The vulnerability lies in: 

You see, there might be dozens of vulnerabilities lying in
We can inject hidden boxes in this kind of atmosphere.