Security expert Ebrahim Hegazy, Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter. The Twitter unrestricted file upload vulnerability allows an attacker to upload files with any extension, including PHP.
An unrestricted file upload vulnerability arises when an application does not validate, or improperly validates, file types before uploading files to the system. Such flaws allow an attacker to upload and execute arbitrary code on the target system, which could result in execution of arbitrary HTML and script code or system compromise.
Attackers could use this vulnerability to conduct phishing and malware-spreading attacks against Twitter users.
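The file-type validation described above, shown as an added Python example (not code from the original article and not Twitter's implementation): a flawed handler that keeps whatever name the client sends, beside a hardened one. The names `naive_accept`, `validate_upload` and `ALLOWED`, and the image-only allowlist, are assumptions made for illustration.

```python
import os
import secrets

# Assumed policy for an image-upload endpoint: extension -> accepted magic bytes.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Constructed sample inputs (harmless placeholders).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_SAMPLE = b"<?php echo 'hello'; ?>"


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def naive_accept(filename: str, data: bytes) -> str:
    """Flawed pattern: no type check, client-chosen name is kept as-is."""
    return filename


def validate_upload(filename: str, data: bytes) -> str:
    """Return a server-chosen storage name, or raise UploadRejected."""
    # Discard any client-supplied directory part (both separator styles).
    base = os.path.basename(filename.replace("\\", "/"))
    # Reject NUL bytes and leading or trailing dots/spaces in the name.
    if "\x00" in base or base != base.strip(" ."):
        raise UploadRejected("malformed file name")
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    # The content must start with a signature that matches the extension.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Random name + validated extension: nothing from the client name survives.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    for name, data in [("avatar.png", PNG_SAMPLE), ("page.php", PHP_SAMPLE),
                       ("page.php.png", PNG_SAMPLE), ("page.png", PHP_SAMPLE)]:
        try:
            print(name, "->", validate_upload(name, data))
        except UploadRejected as exc:
            print(name, "-> rejected:", exc)
```

Storing uploads in a location where the web server never executes scripts complements this check.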
Originally posted at Internet Security Magazine