$140 Bounty: Full Path Disclosure on ads.twitter.com
Summary
A security researcher discovered that creating a campaign on Twitter Ads leaked internal server paths, information that could be helpful to hackers and lead to serious consequences.
The vulnerability exposed the full server path in the response headers, and knowledge of that path could be used in attempts at local file inclusion (LFI) and remote code execution (RCE).
Twitter has fixed the issue, which warranted a $140 bug bounty.
This showcases the importance of attention to detail, of scrutinizing server responses, and of a proactive security mindset for companies dealing with their vulnerabilities.
The story is member-only on the mentioned platform and the summary is based on it.
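A defender can check for the kind of leak summarized above by scanning response headers for filesystem-style paths before a release. The following is an added example, not code from the original report or from Twitter; the header names, sample values and the list of filesystem roots are constructed assumptions.

```python
import re

# Headers whose values are URL paths by definition; a leading "/" there is not a leak.
URL_VALUED = {"location", "content-location", "link", "referer", "refresh"}

# Assumed list of common filesystem roots; extend it for your own hosts.
UNIX_ROOTS = ("var", "home", "usr", "opt", "srv", "etc", "tmp", "data", "app", "mnt", "root")

# The lookbehind rejects paths that are the tail of a URL (https://host/var/...).
UNIX_PATH = re.compile(r"(?<![\w.:/-])/(?:%s)(?:/[\w.+@-]+)+" % "|".join(UNIX_ROOTS))
WIN_PATH = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\(?:[\w.+@ -]+\\)*[\w.+@-]+")

# The cookie Path attribute is a URL scope, not a server path.
COOKIE_PATH_ATTR = re.compile(r";\s*path=[^;]*", re.IGNORECASE)


def find_path_leaks(headers):
    """Return (header, path) pairs for values that look like server filesystem paths."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname in URL_VALUED:
            continue
        if lname == "set-cookie":
            value = COOKIE_PATH_ATTR.sub("", value)
        for rx in (UNIX_PATH, WIN_PATH):
            findings.extend((name, m.group(0)) for m in rx.finditer(value))
    return findings


# Constructed sample response headers (not taken from the report).
SAMPLE = [
    ("Content-Type", "application/json"),
    ("Location", "/home/dashboard"),
    ("Set-Cookie", "sid=abc123; Path=/app/ads; HttpOnly"),
    ("X-Debug-Template", "/var/www/example-app/releases/current/views/campaign.erb"),
    ("X-Error", "open failed: D:\\sites\\example\\config\\db.yml"),
    ("Link", '<https://example.test/usr/share/next>; rel="next"'),
]

if __name__ == "__main__":
    for header, path in find_path_leaks(SAMPLE):
        print(f"possible path disclosure in {header}: {path}")
```

Running the same function over captured staging responses in CI turns a header that starts echoing a template or config path into a failed build rather than a bounty report.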