Sunday, July 12, 2009

MoTB #12: Reflected XSS in TweetGrid

What is TweetGrid
"TweetGrid is a powerful Twitter Search Dashboard that allows you to search for up to 9 different topics, events, converstations, hashtags, phrases, people, groups, etc in real-time. As new tweets are created, they are automatically updated in the grid. No need to refresh the page!" (TweetGrid FAQ page)


Twitter effect
TweetGrid can be used to send new tweets and reply to other Twitter users.  TweetGrid is using Username/Password authentication in order to utilize the Twitter API.


Popularity rate
28th place in the Top 100 Twitter Services, according to “The Museum of Modern Betas” 



Vulnerability: Reflected Cross-Site in the Search page.

Status: Patched.

Details: The TweetGrid search page did not encode HTML entities in the "q" variable, which could have allowed the injection of scripts.

This vulnerability could have been used by an attacker to send tweets on behalf of its victims.

Proof-of-Concept: http://tweetgrid.com/search?q=xxx%3C%2Ftitle%3E%3Cscript%3Ealert%28%2Fxss%2F%29%3C%2Fscript%3E


Vendor response rate
Vulnerability was fixed 1 hour after it has been reported.