How I earned 5040$ from Twitter by showing a way to Harvest other users IP address
![](https://0xprial.com/wp-content/uploads/2018/11/Featured-Image-for-how-I-earned-5040-from-twitter-bugbounty-1024x597.png)
Hi guys, This is one of my old finding adding to my blog. Recently I disclosed a POC on How I was able to get all vine user’s sensitive Information including Phone no/IP Address/Emails and Many more that was reported to Twitter and they patched it and rewarded me 7560$. Those who missed it you […]
Unclaimed Medium Publication takeover in WeTransfer
![](https://0xprial.com/wp-content/uploads/2018/07/Publication-Takeover-P0C-By-Prial-1-1024x512.png)
Today I will share a Security issue I found on WeTransfer. WeTransfer has a paid bug-bounty program under Zerocopter. So I start testing their sites. While I was brute-forcing wetransfer.com with DIRB script I got some directories what was redirecting users to the Medium Publication link. Those directories look like https://wetransfer.com/blogger (CODE:301|SIZE:0) (Location: ‘https://medium.com/wetransferger’) https://wetransfer.com/bloggers (CODE:301|SIZE:0) […]
External link warning page bypass in Zerocopter
![](https://0xprial.com/wp-content/uploads/2018/04/Zerocopter-External-link-bypass-1024x512.png)
Description: zerocopter.com is a bug bounty platform for Ethical hackers just like Hackerone. In Zerocopter reports, users can use Markdown. Users are also allowed to give external links in reports. If a user clicks on the External link in reports then it takes the user to an external warning page like the below screenshot But I […]