Thanks to some digging around in the inner workings of Twitter’s video website Vine, white hat hacker avicoder was able to download the entire source code to the popular service.
As he was looking at various ways to breach the website’s security, he found an interesting domain that could recreate a local version of Vine.
There are a lot of things hidden in a website’s source code that make it vulnerable to attacks. Luckily, avicoder has helped fix multiple Twitter bugs in the past and wasn’t looking to do any harm.
This is what happened when he reported the bug through Twitter’s HackerOne bounty program:
- March 21, 2016 – Bug reported through HackerOne
- March 22, 2016 – Need more info
- March 31, 2016 – Full exploitation shown
- March 31, 2016 – Bug fixed (within 5 min)
- April 2, 2016 – $10,080 bounty awarded
Can you hear that sound? That’s the echo of a lot of Twitter developers collectively shitting their pants.
If you’re interested in an in-depth technical explanation of the bug and how it was found, make sure to check out avicoder’s blog post.