Twitter


reports in last 90 days

178

disclosed resolved issues

24

disclosed informative issues

1

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Critical | Periscope-all Firebase database takeover | Improper Access Control - Generic | deeptiman | Time to triage: 1 Days and 19 hours; Time to close: 17 Days and 20 hours | Resolved |
| Medium | login csrf in analytics.mopub.com | Cross-Site Request Forgery (CSRF) | protostar0 | Time to triage: 3 Days and 12 hours; Time to close: 112 Days and 20 hours | Resolved |
| Critical | Ability to perform actions (Tweet, Retweet, DM) and other actions, unauthenticated, on any account with SMS enabled. | Business Logic Errors | antisocial_eng | Time to triage: 4 Days and 22 hours; Time to close: 8 Days and 1 hours | Resolved |
| Medium | Reports Modal in app.mopub.com Disclose by any user | Information Disclosure | updatelap | Time to triage: 6 Days and 17 hours; Time to close: 112 Days and 20 hours | Resolved |
| No rating | XSS and Open Redirect on MoPub Login | Open Redirect | jackb898 | Time to triage: 2 Days and 19 hours; Time to close: 9 Days and 22 hours | Resolved |
| High | AppLovin API Key hardcoded in a Github repo | Cleartext Storage of Sensitive Information | anshuman_pattnaik | Time to triage: 3 Days and 21 hours; Time to close: 17 Days and 0 hours | Resolved |
| Critical | Potential pre-auth RCE on Twitter VPN | OS Command Injection | orange | Time to triage: 0 Days and 10 hours; Time to close: 2 Days and 21 hours | Resolved |
| Critical | Html Injection and Possible XSS via MathML | Cross-site Scripting (XSS) - Generic | faceless_man | Issue was not triaged; Time to close: 4 Days and 22 hours | Duplicate |
| Low | Wrong Interpretation of URL encoded characters, showing different punny code leads to redirection on different domain | Open Redirect | mr_edwards | Time to triage: 4 Days and 9 hours; Time to close: 39 Days and 0 hours | Resolved |
| Medium | Github Token Leaked publicly for https://github.com/mopub | Cleartext Storage of Sensitive Information | muhammad139 | Time to triage: 0 Days and 21 hours; Time to close: 0 Days and 0 hours | Resolved |
| Medium | cookie injection allow dos attack to periscope.tv | Denial of Service | protostar0 | Issue was not triaged; Time to close: 16 Days and 12 hours | Resolved |
| Medium | Twitter Periscope Clickjacking Vulnerability | UI Redressing (Clickjacking) | eo420 | Time to triage: 2 Days and 10 hours; Time to close: 7 Days and 0 hours | Resolved |
| No rating | Verify any unused email address | Improper Access Control - Generic | seifelsallamy | Time to triage: 6 Days and 10 hours; Time to close: 5 Days and 23 hours | Resolved |
| No rating | XSS on OAuth authorize/authenticate endpoint | Cross-site Scripting (XSS) - Generic | filedescriptor | Time to triage: 16 Days and 8 hours; Time to close: 47 Days and 20 hours | Resolved |
| No rating | HTTP Response Splitting (CRLF injection) in report_story | None supplied | filedescriptor | Time to triage: 1 Days and 10 hours; Time to close: 11 Days and 4 hours | Resolved |
| Medium | [Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME | Cross-site Scripting (XSS) - Reflected | ysx | Time to triage: 0 Days and 16 hours; Time to close: 1 Days and 20 hours | Resolved |
| Critical | Opportunity to post hidden comments | Business Logic Errors | csanuragjain | Issue was not triaged; Time to close: 0 Days and 16 hours | Informative |
| High | GNIP subdomain take over | None supplied | hussein98d | Time to triage: 0 Days and 8 hours; Time to close: 28 Days and 21 hours | Resolved |
| No rating | CSRF on cards API | Cross-Site Request Forgery (CSRF) | filedescriptor | Time to triage: 3 Days and 10 hours; Time to close: 1 Days and 23 hours | Resolved |
| Medium | [dev.twitter.com] XSS and Open Redirect | None supplied | bobrov | Time to triage: 8 Days and 4 hours; Time to close: 34 Days and 20 hours | Resolved |
| No rating | Attacker can get vine repost user all informations even Ip address and location. | Improper Authentication - Generic | prial261 | Time to triage: 1 Days and 13 hours; Time to close: 0 Days and 1 hours | Resolved |
| No rating | [Studio.twitter.com] See someone else pics | Improper Authentication - Generic | appsecure_in | Time to triage: 0 Days and 16 hours; Time to close: 1 Days and 18 hours | Resolved |
| High | [URGENT] Opportunity to publish tweets on any twitters account | None supplied | kedrisch | Time to triage: 1 Days and 20 hours; Time to close: 1 Days and 0 hours | Resolved |