Open Redirect leak of authenticity token led to full account takeover
When viewing private messages on Twitter's mobile site, you could choose to follow the user you were speaking with. Using this URL
seifelsallamy found that a URL could be placed in the recipient parameter, as so
This would redirect the user to example.com, but would furthermore POST the user's authenticity token to example.com. This gave a malicious user the opportunity to steal Twitter accounts.
How To Perform
- Find open redirect
- Use Wireshark or the browser's Network inspector to look for any data being passed to a third party.
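Two defensive pieces that follow from the report and the steps above, as an added example (not code from the original writeup or from Twitter): a same-origin check for a redirect parameter like `recipient`, and a scan over captured requests for an authenticity token leaving the site. The host name and the `authenticity_token` field name are assumptions for this example.

```python
from urllib.parse import urlsplit, parse_qs

# Placeholder application host, assumed for this example.
APP_HOST = "mobile.twitter.example"


def is_safe_redirect(target: str, app_host: str = APP_HOST) -> bool:
    """Accept only same-origin redirect targets.

    Root-relative paths are fine; anything that resolves to another host
    (absolute URLs, protocol-relative //host, backslash or userinfo tricks)
    is rejected, so a token-bearing form can never be posted off-site.
    """
    if not target or "\\" in target or any(c in target for c in "\r\n"):
        return False
    parts = urlsplit(target)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    # urlsplit puts "//evil" into netloc; a plain path has an empty netloc.
    if parts.netloc == "":
        return parts.path.startswith("/") and not parts.path.startswith("//")
    # Compare the parsed hostname only, so "app@evil" userinfo does not pass.
    return parts.hostname == app_host


def find_token_leaks(requests, app_host=APP_HOST, token_field="authenticity_token"):
    """Return (method, url) for every captured request that sends the token off-site."""
    leaks = []
    for req in requests:
        if urlsplit(req["url"]).hostname == app_host:
            continue  # same-origin: the token is supposed to go here
        if token_field in parse_qs(req.get("body", "")):
            leaks.append((req["method"], req["url"]))
    return leaks


# Constructed sample capture, modelled on what a Network inspector would show.
SAMPLE_REQUESTS = [
    {"method": "GET", "url": f"https://{APP_HOST}/messages", "body": ""},
    {"method": "POST", "url": "https://example.com/",
     "body": "authenticity_token=tok123&user_id=42"},
    {"method": "POST", "url": f"https://{APP_HOST}/follow",
     "body": "authenticity_token=tok123"},
]

if __name__ == "__main__":
    print(find_token_leaks(SAMPLE_REQUESTS))  # [('POST', 'https://example.com/')]
```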