How I Was Able to Harvest Other Vine Users' IP Addresses
Hello BugBountyPoc viewers, this is Prial again. Today I will share another information disclosure vulnerability, which was leaking users' IP addresses. Last time I disclosed a POC on how I was able to get all Vine users' sensitive information, including phone numbers, IP addresses, emails and much more, which was reported to Twitter; they patched it and rewarded me $7560. Those who missed it can get the POC Here and the original report Here.
- To reproduce this issue, the victim user has to have reposted a Vine in their timeline, and a lot of Vine users have reposted many Vine posts in their timelines.
- So copy a reposted Vine post ID, place it in the endpoint and visit it. Example: https://vine.co/api/timelines/users/1293308695089926144
- Now when I visited the link, I got a response like the one below (the contents were removed by the Twitter security team):
- As you can see, the IP address value is converted. Now just use my given online tool to convert it back to a valid IP address value.
That is it for today. Hope you guys will like it.
Thanks for reading.