A critical flaw in a process built for application developers using the Twitter Developer Center allowed unrestricted file uploads, according to a vulnerability researcher.
Ebrahim Hegazy discovered that arbitrary files could be uploaded to Twitter's systems, including PHP files placed on Twitter's image servers. The upload process was meant to accept only image types such as PNG and JPG and reject every other file extension, but the flaw he found let him bypass that check.
“The vulnerability allowed me to bypass this security check/validation and to successfully upload .htaccess and .php files to twimg.com server. twimg.com is working as a CDN (content delivery network) which means that every time I upload a file it will be hosted on a different server/subdomain for twimg.com,” Hegazy said.
Because twimg.com is a CDN, uploading PHP files in this case would not let an attacker execute commands on the server, but the vulnerability could still allow the service to be used as a botnet command-and-control server and to host malicious code.
Hegazy also discovered a bug that could have been exploited to redirect users to malicious websites. Both vulnerabilities have been mitigated by Twitter.
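The article does not say how Hegazy's bypass worked, so the following is an added example rather than Twitter's code: a hypothetical deny-list checker of the kind that leaves uploads effectively unrestricted (it never sees `.htaccess`, `.phar` or anything else not on its list, and never looks at the file body), beside an allow-list validator that checks the extension, the magic bytes, and the filename shape, and stores the file under a server-chosen name. `ALLOWED_TYPES`, `BLOCKED_EXTENSIONS` and the sample bodies are all constructed for this example.

```python
"""Upload validation: weak deny-list versus allow-list plus content sniffing.

Added example, not Twitter's code. The weak checker is a hypothetical
illustration; the article does not describe the real bypass.
"""
import os
import secrets
from typing import Optional

# Allow-list: permitted extension -> magic bytes the body must start with.
# Constructed for this example.
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

# Hypothetical deny-list used by the weak checker.
BLOCKED_EXTENSIONS = {".php", ".phtml"}


def weak_is_blocked(filename: str) -> bool:
    """Deny-list check: rejects only extensions it has heard of.

    Dotfiles such as .htaccess have no extension at all, and anything not
    listed (.phar, .php5, .shtml, ...) passes. The body is never inspected.
    """
    _, ext = os.path.splitext(filename)
    return ext.lower() in BLOCKED_EXTENSIONS


def validate_upload(filename: str, data: bytes) -> Optional[str]:
    """Allow-list check.

    Returns a server-chosen storage name (random hex + extension) when the
    upload is acceptable, or None when it must be rejected.
    """
    base = os.path.basename(filename)  # strip any directory components
    # Reject dotfiles (.htaccess) and multi-extension names (shell.php.png).
    if base.startswith(".") or base.count(".") != 1:
        return None
    _, ext = os.path.splitext(base)
    ext = ext.lower()
    magics = ALLOWED_TYPES.get(ext)
    if magics is None:
        return None  # extension not on the allow-list
    if not any(data.startswith(m) for m in magics):
        return None  # extension claims image, body does not
    # Never reuse the client-supplied name on disk.
    return secrets.token_hex(16) + ext


# Constructed sample bodies.
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_BODY = b"<?php echo 'hello'; ?>"
HTACCESS_BODY = b"AddType application/x-httpd-php .png\n"


def demo() -> dict:
    """Run both checkers over the samples; returns {label: outcome}."""
    return {
        "weak_blocks_php": weak_is_blocked("shell.php"),
        "weak_blocks_htaccess": weak_is_blocked(".htaccess"),
        "weak_blocks_phar": weak_is_blocked("shell.phar"),
        "strict_php": validate_upload("shell.php", PHP_BODY),
        "strict_htaccess": validate_upload(".htaccess", HTACCESS_BODY),
        "strict_double_ext": validate_upload("pic.php.png", PHP_BODY),
        "strict_fake_png": validate_upload("pic.png", PHP_BODY),
        "strict_real_png": validate_upload("../../pic.PNG", PNG_BODY),
    }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

The allow-list version is the one to keep: it treats the client-supplied name as untrusted input, refuses anything it cannot positively identify, and, by choosing the storage name itself, removes the attacker's control over what the CDN serves as `.htaccess` or `.php`.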
A video by Hegazy demonstrating the unrestricted file upload vulnerability is available on YouTube.