
Posted in: Blog, Posted On: Jan 20, 2014, Posted By: cyberinfoadmin

Twitter Cookie Reuse Vulnerability dated 27-Nov-13 (mobile.twitter.com)

Twitter Cookie Reuse Vulnerability Introduction


Twitter is an online social networking and microblogging service that enables users to send and read “tweets”, which are text messages limited to 140 characters. It has 200 million active users (February 2013) – Wikipedia

A cookie is information that a website stores on our computer or device, for several purposes such as:

Identification

Save configuration

Save preferences

Store historical information (for example, the last purchase)

Save user personal information

Store the session for networked sites

Scenario

Yesterday morning, Security Researcher Noah J Franklin from CyberInfoSec came across a security vulnerability on the Twitter site for mobile users, mobile.twitter.com. As I usually do, I logged into my Twitter account and logged out; I exported my cookies from the browser and saved them on my desktop as cookies.txt, then imported the cookies back into the browser and was automatically logged into my Twitter account again.
Of course, it's a cookie vulnerability that is not patched well on the server side 🙂

Real Time Attack Browser Exploit

Imagine an attacker posts a tweet containing a malicious URL that lets him hook the browser of everyone who visits it and collect their cookies (a browser-level exploit such as BeEF). Once the attacker has a victim's cookie, he can access the victim's account.

Officially We Reported to Twitter Security Team


After we got a response from the Twitter Security Team, we are publishing this to the public.

Explanation

Sometimes the “cookie” (the session it identifies) is not destroyed on the server side: logging out removes it from the browser, but the server still accepts it.

Steps to reproduce it ( At your very own risk ) :

Step 1 : Download Mozilla Firefox and install a cookie import/export add-on

Step 2 : Open mobile.twitter.com and login to twitter account

Step 3 : Go to Options -> Export Cookies and save them as cookies.txt

Step 4 : Log out from your account

Step 5 : Close all the Tabs and open new Tab

Step 6 : Go to Options -> Import Cookies and select the cookies.txt you saved

Step 7 : Open mobile.twitter.com

Step 8 : You can tweet from that account
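To show what "not destroyed on the server side" means in code, here is an added Python model of the two server behaviours; it is constructed for this post and is not Twitter's code. `VulnerableSite` issues a signed, stateless cookie and its logout revokes nothing, while `HardenedSite` tracks sessions server-side and deletes the session on logout; `cookie_reuse_after_logout` replays the steps above (login, save cookie, log out, re-import, request) against either and returns whether the saved cookie still works.

```python
import hashlib
import hmac
import secrets

# Constructed signing key for the demo; a real server would keep its own secret.
SECRET = b"constructed-demo-key"


def make_token(user: str) -> str:
    """Build a signed session cookie value of the form user:nonce:signature."""
    nonce = secrets.token_hex(8)
    sig = hmac.new(SECRET, f"{user}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{user}:{nonce}:{sig}"


class VulnerableSite:
    """Logout only tells the browser to drop the cookie; the token stays valid."""

    def login(self, user: str) -> str:
        return make_token(user)

    def logout(self, token: str) -> None:
        pass  # no server-side state exists, so nothing can be revoked

    def whoami(self, token: str):
        parts = token.split(":")
        if len(parts) != 3:
            return None
        user, nonce, sig = parts
        expected = hmac.new(SECRET, f"{user}:{nonce}".encode(), hashlib.sha256).hexdigest()
        return user if hmac.compare_digest(sig, expected) else None


class HardenedSite:
    """Sessions live server-side, so logout can actually destroy them."""

    def __init__(self) -> None:
        self.active: dict[str, str] = {}

    def login(self, user: str) -> str:
        token = make_token(user)
        self.active[token] = user
        return token

    def logout(self, token: str) -> None:
        self.active.pop(token, None)  # the saved cookie is now worthless

    def whoami(self, token: str):
        return self.active.get(token)


def cookie_reuse_after_logout(site, user: str = "alice") -> bool:
    """Replay the post's steps; True means the exported cookie still grants access."""
    saved_cookie = site.login(user)   # Steps 2-3: log in and export the cookie
    site.logout(saved_cookie)         # Step 4: log out
    return site.whoami(saved_cookie) == user  # Steps 6-8: re-import and use it
```

The same check, pointed at a real login flow with a saved cookie jar, is how a tester confirms that logout invalidates the session on the server rather than only in the browser.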


Note : Consider the case where a user visits a malicious website while logged in to mobile.twitter.com. The attacker tries to steal the browser's cookies, and since the mobile.twitter.com cookies are among them, the attacker can log in to the victim's account. The attacker can use the victim's cookies from anywhere in the world 🙂 This can be exploited in different ways, such as remote code execution, buffer overflow, browser-level exploit (BeEF), etc.

Video Demo: