The Twitter Ads data pipe appears to be in danger.

This was revealed by an Egyptian security researcher, Ahmed Mohamed Hassan Aboul-Ela.

Aboul-Ela discovered that Twitter has a critical vulnerability in its advertising service.

Twitter Vulnerability Allows Hacker to Delete Credit Card from Any Twitter Account

This vulnerability apparently allowed Aboul-Ela to delete any credit information from ANY Twitter account.

If any such incident takes place, it will result in a heavy financial loss to Twitter.

Aboul-Ela found two different vulnerabilities in ads.twitter.com, and he has submitted the PoC for both of them.


Choosing the delete option in the Payment methods page sent an AJAX POST request to the server.

This AJAX request had only two parameters in it.

When he clicked the Dismiss button, the credit card disappeared from his account.


Unlike the first vulnerability, the account parameter doesn't exist in this request and only the credit card ID is used.
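The two request shapes described above, handled first without and then with a server-side ownership check. This is an added example, not code from Twitter or the researcher; it assumes the flaw was a missing ownership check (the article implies this but does not spell it out), and the parameter names `account` and `card_id` and all ids are hypothetical.

```python
# Constructed sample data: card id -> owning account (all ids hypothetical).
SAMPLE_CARDS = {"card-100": "acct-alice", "card-200": "acct-bob"}


def delete_unchecked(cards, session_account, params):
    """Assumed flawed pattern: acts on ids taken from the request body."""
    # params may carry "account" (first request) or only "card_id" (the
    # Dismiss request); neither is compared with the logged-in session.
    card_id = params.get("card_id")
    if card_id not in cards:
        return 404
    del cards[card_id]
    return 200


def delete_checked(cards, session_account, params, audit):
    """Hardened: ownership is resolved server-side from the session."""
    card_id = params.get("card_id")
    owner = cards.get(card_id)
    claimed = params.get("account")
    if owner is None:
        return 404
    if owner != session_account or claimed not in (None, session_account):
        # Record the mismatch for detection; answer exactly like "not found"
        # so responses do not reveal which card ids exist.
        audit.append({"actor": session_account, "card_id": card_id, "owner": owner})
        return 404
    del cards[card_id]
    return 200


def demo():
    audit = []
    weak, strong = dict(SAMPLE_CARDS), dict(SAMPLE_CARDS)
    foreign = {"account": "acct-bob", "card_id": "card-200"}  # first request shape
    dismiss = {"card_id": "card-200"}                         # Dismiss request shape
    results = {
        "unchecked_foreign": delete_unchecked(weak, "acct-alice", foreign),
        "checked_foreign": delete_checked(strong, "acct-alice", foreign, audit),
        "checked_dismiss": delete_checked(strong, "acct-alice", dismiss, audit),
        "checked_own": delete_checked(strong, "acct-alice", {"card_id": "card-100"}, audit),
    }
    return results, weak, strong, audit


if __name__ == "__main__":
    print(demo())
```

The hardened handler covers both request shapes because the owner is never taken from the request; the audit entries give responders a record of cross-account attempts.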


source: www.techworm.net