July 19, 2013
The X.com bug bounty runs under the PayPal bug bounty program, and I got paid.
Bug 1: Add New Application
X.com provides an option to add a new application in the account settings. Because the form carries no CSRF token, the request can be forged from another site and an unauthorized application is added to the user's account without their knowledge.
CSRF-vulnerable URL: https://www.x.com/user/my-account/applications/new
To reproduce this vulnerability, I have attached a proof of concept.
Direct download link of the POC:
https://dl.dropbox.com/u/18007092/x.com%20CSRF%20new%20Application.html
Bug 2: Change User's Avatar
X.com allows users to change their default avatar.
I found that the CSRF token is missing in the avatar change module; this can be used to forcibly set a user's default avatar.
POC:
<input type="submit" name="submit">
</form>
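Both bugs have the same root cause and the same fix: every state-changing form must carry a secret that a page on another origin cannot read or guess, and the server must refuse the request when it is absent. The following is an added example written for this post, not X.com's or PayPal's code; the handler names, the Session class and the /user/my-account/avatar path are assumptions (the applications path is the one quoted above). It shows a synchronizer token bound to the session, an Origin header check in front of it, and how a token-less cross-site post like the POC above is rejected while the site's own form still submits.

```python
"""Synchronizer-token CSRF protection for state-changing forms (added example).

Models the two X.com endpoints described above as handlers behind one check.
All names (Session, handle_post, csrf_check, the avatar path used as a routing
key) are illustrative assumptions; they are not X.com's code or API.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SITE_ORIGIN = "https://www.x.com"  # the only origin allowed to post these forms


@dataclass
class Session:
    """Server-side session; the CSRF token lives here, never in the URL."""
    user: str
    applications: List[str] = field(default_factory=list)
    avatar: str = "default.png"
    # 256 bits from the OS CSPRNG; one token per session is sufficient here.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def render_form(session: Session, action: str, fields: Dict[str, str]) -> str:
    """Emit the form the legitimate page serves, with the token as a hidden field."""
    inputs = "".join(f'<input type="hidden" name="{k}" value="{v}">' for k, v in fields.items())
    return (
        f'<form action="{SITE_ORIGIN}{action}" method="POST">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        f'{inputs}<input type="submit" name="submit"></form>'
    )


def csrf_check(session: Session, form: Dict[str, str], origin: Optional[str]) -> Optional[str]:
    """Return None if the request may proceed, otherwise the reason it is refused.

    Two independent checks, so either one failing is enough: the browser-set
    Origin header must match the site when present, and the submitted token
    must equal the session's token (constant-time compare).
    """
    if origin is not None and origin != SITE_ORIGIN:
        return "origin mismatch"
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return "missing or invalid csrf token"
    return None


def handle_post(session: Session, action: str, form: Dict[str, str], origin: Optional[str]) -> str:
    """Apply the state change only after the CSRF check passes."""
    reason = csrf_check(session, form, origin)
    if reason:
        return f"403 {reason}"
    if action == "/user/my-account/applications/new":
        session.applications.append(form["app_name"])
        return "200 application added"
    if action == "/user/my-account/avatar":  # assumed path, not X.com's
        session.avatar = form["avatar"]
        return "200 avatar changed"
    return "404"


def demo():
    """Constructed requests: two forged cross-site posts and one genuine submission."""
    s = Session(user="victim")
    # A form auto-submitted from another origin rides on the victim's cookies
    # (so the session resolves) but cannot include the session-bound token,
    # and the browser stamps the submitting page's origin on the request.
    forged = handle_post(s, "/user/my-account/applications/new",
                         {"app_name": "unwanted", "submit": "submit"},
                         origin="https://third-party.example")
    # Older clients may omit Origin entirely; the token check still refuses it.
    forged_no_origin = handle_post(s, "/user/my-account/applications/new",
                                   {"app_name": "unwanted", "submit": "submit"},
                                   origin=None)
    # The same form served by the site itself carries the hidden token.
    form_html = render_form(s, "/user/my-account/avatar", {"avatar": "me.png"})
    genuine = handle_post(s, "/user/my-account/avatar",
                          {"csrf_token": s.csrf_token, "avatar": "me.png", "submit": "submit"},
                          origin=SITE_ORIGIN)
    return forged, forged_no_origin, genuine, s, form_html


if __name__ == "__main__":
    forged, forged_no_origin, genuine, s, _ = demo()
    print(forged)            # 403 origin mismatch
    print(forged_no_origin)  # 403 missing or invalid csrf token
    print(genuine)           # 200 avatar changed
    print(s.applications, s.avatar)
```

The Origin check alone is not enough (some clients omit the header, and a missing header must not be treated as trusted for a state change), which is why the token is verified regardless; keeping the token in the session rather than in a cookie alone is what makes it unreadable to the forging page.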
Thank you PayPal & X.com for running such a good program.
g4h Team.