Respondly: OAuth open redirect

ID H1:7900
Type hackerone
Reporter melvin
Modified 2014-04-22T00:01:46


An attacker can use an open redirect vulnerability in the Twitter OAuth process to redirect a victim to a page the attacker controls, while also obtaining the victim's OAuth token and verifier.

The vulnerability is right here: When someone authorizes their Twitter account using that URL, the redirect will go to

Recommendation: make sure the requestTokenAndRedirect parameter only accepts hosts on whitelisted domains.
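An added example of the recommended fix (not Respondly's code; the allowlisted hosts and the function names are hypothetical): the redirect parameter is parsed and its host compared exactly against an allowlist, and the common but insufficient prefix-match "fix" is shown beside it so the difference is visible.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for this example; a deployment would list its own hosts.
ALLOWED_HOSTS = frozenset({"app.example.com", "www.example.com"})
DEFAULT_REDIRECT = "https://app.example.com/"


def weak_is_safe_redirect(url):
    """A common but insufficient fix: prefix matching on the raw string.

    It still accepts any host that merely *starts with* an allowed host, so it
    does not actually restrict the redirect to the allowlisted domains.
    """
    return any(url.startswith("https://" + h) for h in ALLOWED_HOSTS)


def is_safe_redirect(url, allowed_hosts=ALLOWED_HOSTS):
    """Accept only an absolute https URL whose parsed host is exactly in the allowlist."""
    if not isinstance(url, str) or not url or len(url) > 2048:
        return False
    # Browsers treat '\' like '/' in URLs but urlsplit does not; refuse rather
    # than let the server and the browser parse the same string differently.
    if "\\" in url:
        return False
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme.lower() != "https":
        return False               # also rejects scheme-relative '//host/...'
    if parts.username is not None or parts.password is not None:
        return False               # 'https://allowed@other' must not pass as 'allowed'
    if port not in (None, 443):
        return False
    # .hostname is lowercased with userinfo and port stripped: compare it exactly,
    # never with startswith/endswith or a substring test.
    return parts.hostname in allowed_hosts


def choose_redirect(requested, fallback=DEFAULT_REDIRECT):
    """Post-authorization destination: the requested URL if it passes, else a fixed default."""
    return requested if is_safe_redirect(requested) else fallback
```

Falling back to a fixed default instead of erroring keeps the login flow working when a stale or malformed redirect parameter arrives.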