molly0xfff,
@molly0xfff@hachyderm.io

twitter not paying whitehats. what could go wrong?

this one recently disclosed a vulnerability that would have allowed people to gain control of the twitter accounts of users who merely clicked malicious links

Chaofan Shou @shoucccc 10h: And we got the full JS exploit to chain with this XSS vulnerability! In other words, visiting this link earlier today would take over your account:

Chaofan Shou @shoucccc 10h: It is highly irresponsible for Twitter to ignore these security issues and not pay the whitehats. The architecture and design patterns also need to be corrected.

Screenshot of HackerOne report status:
x_austin X (Formerly Twitter) staff closed the report and changed the status to Resolved. Updated 6 hours ago
X (Formerly Twitter) has decided that this report is not eligible for a bounty. 6 hours ago
No award due to program ban

rabbit @rabbit_2333: I submitted this bug report and didn't receive a bounty. You told me that this bug has existed for a year. Seeing that you haven't fixed it for so long, it seems that this bug is not important, so I made it public.

Screenshot of conversation from HackerOne:
x_austin X (Formerly Twitter) staff posted a comment. a minute ago
@rabbit2333 why are you publicly disclosing security issues instead of submitting them to our bug bounty program? Would you mind deleting this post? This is something we're aware of and are addressing.

molly0xfff,
@molly0xfff@hachyderm.io

on the twitter link bug yesterday, which was highly coincidentally timed with the disclosure of a massive vulnerability that twitter refused to pay a bounty for

https://www.tiktok.com/@molly0xfff/video/7312248541261352234

(also on YouTube in two parts if you don't like TT: https://www.youtube.com/shorts/iQjFg8NfffM)

d2718,
@d2718@hachyderm.io

@molly0xfff

🎵 Schadenfreude 🎶

drdnar,
@drdnar@hachyderm.io

@molly0xfff It sounds like you've found your voice, professional and well-spoken. I think you're doing a really great job with the speaking thing now!

darryl_ramm,
@darryl_ramm@hachyderm.io

@molly0xfff Your ad links don't work? Go fuck yourselves.

dalias,
@dalias@hachyderm.io

@molly0xfff Given the state of Twitter, why would anyone go "whitehat" and report this rather than just utilizing it on the most awful accounts still there??

Alligator,

I'm so glad I deactivated my account

dxzdb,
@dxzdb@mastodon.social

@Alligator I didn’t really see the case to deactivate before - but I think it’s time!

mjf_pro,
@mjf_pro@hachyderm.io

@molly0xfff @binarytango ….and with that, also: any “login with Twitter/X” federated sign-ons they’ve established for other apps and services. Good grief.
