
Hacker paid only $10,000 after discovering Vine’s entire source code

Photo: Vine

It looks like someone stumbled upon a major Twitter boo boo after they discovered Vine’s entire source code out in the internet wild.

Avinash, an Indian bug-bounty hunter, set out looking for loopholes within Vine, Twitter’s popular short-video sharing service. He used a website called Censys.io to look for subdomains belonging to Vine that should not be publicly visible.

He looked for subdomains because they could potentially provide an entry point into the website.

During his search, he came across https://docker.vineapp.com, which was being hosted on an Amazon EC2 virtual server.

Even though the domain did not really show anything useful at the time, he did some Googling and found that Vine was hosting over 80 different developer images on the Amazon server via an app called Docker. Rather than going through each one of them, he tackled an image called vinewww.

He hit it big after discovering the entire website’s source code, API and third-party keys, and other secrets.

He was also able to set up a local copy of the website on a VM without much hassle.


After he reported the problem to Twitter and his actions were replicated, they agreed that they needed to fix the issue, and shut down public access within 5 minutes.

Avinash was paid Rs. 680,000 (which converts to a little over US $10,000) for his efforts.

Maybe it’s just me, but I felt as though Twitter could have forked out a little more than that, given that their entire website’s source code was publicly available (even though not accessible by John Doe). I guess that’s the price that comes with white hat hacking though.
