CSRF vulnerability allows Twitter ‘follow’ abuse

September 11, 2008 – 5:53 AM

Last week, TechCrunch’s Jason Kincaid wrote about an obvious Twitter vulnerability that allowed a user called “johng77536” to game the popular micro-blogging service to add thousands of followers (subscribers) in a short period of time.

The “johng77536” account has since been disabled, but a security researcher tracking Twitter security flaws and weaknesses has discovered a new vulnerability that lets users easily game the “follow” system.

Aviv Raff has launched a new Web site called TwitPwn.com with basic details of his discovery.

