Hackers have a notorious reputation. They look for the vulnerabilities that various sites have and, depending on their intention, use this knowledge either to cause trouble for the website owners or to inform them about the loopholes and help make the site safer.

The makers of the video-clip sharing site Vine, currently owned by Twitter, should be grateful that the ethical hacker known as 'avicoder' chose to be the latter sort when he found a way to download Vine's entire source code.

For those unfamiliar with the subject, a website's source code usually contains confidential information, and access to it can leave the site extremely vulnerable to attacks that can potentially even destroy it.

In this case, 'avicoder' was just looking for potential security flaws without any ill intentions. In his blog post, he explained the entire flaw and how he gained access to the site's source code through its Docker image, which should ideally have been private but was publicly available. With the image, he was able to run the service locally on his machine.

"I was able to see the entire source code of vine, its API keys and third party keys and secrets. Even running the image without any parameter, was letting me host a replica of VINE locally," the hacker said in his blog post.

On March 31, avicoder demonstrated a full exploitation of the security flaw to Twitter as part of its HackerOne bounty programme, and the site then fixed the bug in around 5 minutes. The hacker was awarded a bounty of $10,080 (roughly Rs. 6,73,000) for informing the site about this flaw.