Twitter: Problem with OAuth

2015-02-04T19:03:25
ID H1:46485
Type hackerone
Reporter anonymous100928
Modified 2015-11-14T16:50:09

Description

There are many websites that track unfollowers and the like, e.g. http://unfollowerstats.com

  1. Log in with your Twitter account, e.g. abcd@mail.com
  2. Open http://unfollowerstats.com. This will ask you to log in with Twitter.
  3. You will get a link like this: https://api.twitter.com/oauth/authenticate?oauth_token=xpXP21WOzwvsocu7yjQBafl8BKRtKdeH
  4. Open another browser and log in with some other user, e.g. xyz@mail.com
  5. Open this OAuth link (https://api.twitter.com/oauth/authenticate?oauth_token=xpXP21WOzwvsocu7yjQBafl8BKRtKdeH) in the other browser
  6. Authorize this OAuth request with user xyz@mail.com
  7. Go to the first browser, refresh the page and continue to authorize. You will be logged into http://unfollowerstats.com as the xyz@mail.com user

-- Tested with 2 such websites
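
Added example (not part of the original report, and not Twitter's code): a small model of a provider-side request-token store that binds a token to the account that approved it and refuses to continue the flow from a session logged in as a different account, which is the hand-off in steps 4 to 7. The class and method names (Provider, issue, authorize, redeem) are hypothetical.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


class TokenError(Exception):
    """Raised when a request token is presented in a state that must not proceed."""


@dataclass
class RequestToken:
    approved_by: Optional[str] = None   # account that clicked "Authorize"
    verifier: Optional[str] = None      # handed to the consumer via the callback
    redeemed: bool = False


class Provider:
    """Hypothetical provider-side request-token store (assumption, not Twitter's code)."""

    def __init__(self) -> None:
        self.tokens: Dict[str, RequestToken] = {}

    def issue(self) -> str:
        token = secrets.token_urlsafe(24)
        self.tokens[token] = RequestToken()
        return token

    def authorize(self, token: str, session_user: str) -> str:
        """Handle a visit to the authorize URL by the logged-in session_user."""
        rt = self.tokens.get(token)
        if rt is None or rt.redeemed:
            raise TokenError("unknown or already redeemed request token")
        if rt.approved_by is None:
            # First approval: bind the token to the approving account.
            rt.approved_by = session_user
            rt.verifier = secrets.token_urlsafe(16)
        elif rt.approved_by != session_user:
            # Steps 4-7 of the report: approved in one browser, continued in another.
            raise TokenError("token was approved by a different account")
        return rt.verifier

    def redeem(self, token: str, verifier: str) -> str:
        """Consumer exchanges token + verifier; returns the account it may act for."""
        rt = self.tokens.get(token)
        if rt is None or rt.redeemed or rt.verifier is None:
            raise TokenError("token not redeemable")
        if not secrets.compare_digest(rt.verifier, verifier):
            raise TokenError("bad verifier")
        rt.redeemed = True
        return rt.approved_by
```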