How I got 100$ bounty for creating a Twitter account

This is the story of my first bug bounty. “How i got 100$ bounty by creating a Twitter account.”. I hope you’ll enjoy it 😉.

I was just googling around for a new target and after some time i found a website, let’s call it redacted.com.

I was going through the website and found that there was a dedicated page for their social media accounts (redacted.com/community). Now you may ask why to care about it ? You’ll find out soon.

So, after i saw the page i just got only one feeling. What was that ? I just started to open every profile url. After 3 or 4 clicks i saw an error. It was:

Then i was like:

I rushed to my twitter account settings and clicked on change username. And tried registering the username from “redacted.com” which wasn’t opening and “BOOM” username changed successfully.

There were still so many profiles remaining on the website. So i tried opening all of them and at the end i was sitting with 3 new twitter accounts & 1 instagram account.

I Reported the issue to redacted.com and it got triaged and resolved next day. And i got the bounty that same day.

Timeline:

22-07-2020: Reported
23-07-2020: Resolved & bounty received

Thank you for reading, _ the author accepts criticism and suggestions.

Resources

• Broken Link Hijacking - How expired links can be exploited
• How I was able to takeover the company’s LinkedIn Page