Unauthorized TinyURL URL Enumeration Vulnerability

TinyURL is a popular and convenient social media tool, which takes long URLs and shortens them.  This is especially useful with services such as Twitter, which only allows posts up to 140 characters.

Although useful, it is important to exercise caution when using TinyURL.  Security flaws within your URL could compromise your security and privacy.

For example, it is relatively simple to exploit usernames and passwords from a URL.  Session IDs are also easy to extract from a URL.  Lastly, it is simple for attackers to conceal SPAM or malicious code by changing a URL.

There’s no need to shy away from using TinyURL.  It can be safely used, with the right cautions.

Before you post a link on twitter, don’t just copy and paste your URL into TinyURL.  Take a moment to review the URL to ensure it doesn’t contain your username, password, or other sensitive data.

Also, remember not to click links from an untrusted email or website.  This is never a safe practice!

Keep firing away those tweets and other social media messages, but take a moment to make sure you are not doing something unsafe.  After all, it is your private data – and it is in your best interest to keep it that way.

Leave a Comment