
Unrestricted file upload vulnerability: such flaws allow an attacker to upload and execute arbitrary code on the target system,
which could result in execution of arbitrary HTML and script code or system compromise.
According to Ebrahim, when a developer creates a new application for Twitter (i.e. dev.twitter.com), they have an option to
upload an image for that application.
While uploading the image, the Twitter server checks the uploaded file and accepts only certain image extensions, like
PNG and JPG; other extensions won't get uploaded.
But in a Video Proof of Concept he demonst
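
An extension allowlist of the kind described above inspects only the client-supplied file name. The following Python code is an added example, not taken from the report or from Twitter's code. It contrasts that check with a stricter validator that also requires the content to begin with the matching image signature and stores the file under a server-generated name. The function names and sample uploads are hypothetical and constructed for illustration.

```python
import os
import secrets

# Leading bytes ("magic numbers") for the image types the page names.
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}


def extension_only_check(filename):
    """Weak check: trusts the client-supplied name and nothing else."""
    return os.path.splitext(filename)[1].lower() in SIGNATURES


def validate_upload(filename, data):
    """Return a server-generated storage name, or raise ValueError.

    Hypothetical helper: allowlists the extension, requires the content
    to start with the matching image signature, and never reuses the
    client-supplied name on disk.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base or base.count(".") != 1:
        raise ValueError("rejected: suspicious file name")
    ext = os.path.splitext(base)[1].lower()
    if ext not in SIGNATURES:
        raise ValueError("rejected: extension not allowed")
    if not data.startswith(SIGNATURES[ext]):
        raise ValueError("rejected: content does not match extension")
    return secrets.token_hex(16) + ext


# Constructed sample uploads (not taken from the report).
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
TEXT_BYTES = b"<html>not an image</html>"

if __name__ == "__main__":
    for name, body in [("logo.png", PNG_BYTES), ("logo.png", TEXT_BYTES),
                       ("my.logo.png", PNG_BYTES), ("logo.gif", PNG_BYTES)]:
        try:
            print(name, "->", validate_upload(name, body))
        except ValueError as err:
            print(name, "->", err)
```

Signature matching is a first filter only; serving uploads from a location where they cannot be executed, with a fixed image content type, remains necessary.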