For those who ask what the potential impact of this vuln is: an attacker can inject a malicious HTTP request into the web server in order to bypass internal security controls. The point is that, most of the time, web servers do not check for security measures in a smuggled HTTP request. In addition, some of the resources available on the web server are often not accessible outside of the web server itself. So performing a request like this can allow the attacker to gain access to protected resources such as an admin panel etc...
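The bypass described above only works when the front-end and back-end disagree about where one request ends and the next begins. The added example below (not from the video or any commenter) is a front-end style check that refuses HTTP/1.1 requests with ambiguous body framing; the sample requests are constructed for illustration.

```python
# Added example: reject requests whose body framing is ambiguous, the
# condition that lets a second request be "smuggled" past front-end controls.
import re

# Constructed sample requests (not captured traffic).
AMBIGUOUS_CL_TE = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                   b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
CLEAN_CL = b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
CLEAN_TE = b"POST / HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"


def framing_verdict(raw: bytes) -> str:
    """Return 'ok' or the reason a raw HTTP/1.1 request should be rejected."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    cl_values, te_values = [], []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        if b":" not in line:
            return "malformed header line"
        name, value = line.split(b":", 1)
        # RFC 7230: whitespace between field name and colon must be rejected,
        # otherwise two parsers may disagree on whether the header exists.
        if name != name.rstrip(b" \t"):
            return "whitespace before colon"
        lname = name.lower()
        value = value.strip(b" \t")               # strip only OWS, not \x0b etc.
        if lname == b"content-length":
            cl_values.append(value)
        elif lname == b"transfer-encoding":
            te_values.append(value.lower())
    if cl_values and te_values:
        return "both Content-Length and Transfer-Encoding present"
    if len(set(cl_values)) > 1:
        return "conflicting Content-Length values"
    if any(not re.fullmatch(rb"[0-9]+", v) for v in cl_values):
        return "non-numeric Content-Length"
    allowed = {b"chunked", b"gzip", b"deflate", b"identity"}
    for v in te_values:
        codings = [c.strip(b" \t") for c in v.split(b",")]
        # 'chunked' must be the final coding and spelled exactly; any odd
        # spelling is a sign the two servers might parse it differently.
        if codings[-1] != b"chunked" or any(c not in allowed for c in codings):
            return "unsupported or obfuscated Transfer-Encoding"
    return "ok"
```

A front-end that returns 400 on anything other than "ok" removes the disagreement the bypass depends on, regardless of what the back-end would have done with the extra request.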
Since the tweet is not made in another account, I guess that's why the bug got only 3k. If it had been a tweet in a different account, it would've gotten a higher bounty. Remember that this is not directly for vulnerabilities, but for bugs too. I guess that's why it's called "Bug Bounty" and not "Vulnerability Hunting".
@@joshuavega2193 He should have gone for SSRF through this... The server would have accepted the 1st request as original and yet answered the second request as valid.
Actually it has. The person didn't show this, but what he was trying to depict is how vulnerable the security is. The person could insert a malicious request to weaken the security, which already is. Like he can insert JavaScript or injections to ask for passwords from the system, cuz he already infiltrated it.
Bro can you explain, what is the impact? Because you are tweeting another tweet from the same account. I am new to this vulnerability and many times I found this vuln but was not able to show impact, and no one will accept it without any serious impact. Pls explain the impact.
thanks!
And they only pay $3000 for that? 😂 We'd all be better off using it to make money, selling data on the dark web and laundering the money.
Nice catch... 👍
Dear good find
Would like to know how would you convince them it's a vulnerability and what is the impact
@@joshuavega2193 nice reminder heheh
Great Finding
There can be no effect from this; it's just forwarding the tweet request with some changes.
No idea why they awarded you 3k for this lol. The 2nd request would still be posted successfully even without the first one.
Hello, what background music did you use?
Thanks!
What tool do you use to find out if it's XSS?
Smuggler
@@educationhive Is it safe or does it have a virus?
safe
Bro, how do I install Burp Suite version 1.7.35?
I will send it there; if I send it here, YT can strike me.
❣❣
I will explain here at night
@@educationhive is it night yet?
@@the_sandman00 xD
Lol @@newbiejember9854
@@the_sandman00 😂😂😂😂😂😂😂😂😂😂 no dude, he will not explain, and this is a waste of time.
Hey, that's not a vulnerability.
@@joshuavega2193 For simple mistakes you don't get rewards, plus the staff ignores it.
The request might be bypassing the front-end server.
Bro, please share the reference report.
Ok, I will share it in the next video.
@@educationhive bro, please mention this report link. I found the same kind of vulnerability on another website.
@@AGNIHACKERS sure
Dear good!
But what is the real impact of this vulnerability?
I will share it, wait.
@@educationhive Thanks! I am waiting for this haha 😁