How I exploited a Twitter vulnerability with minimal hacking skills…

…and started to learn more about it.

TL;DR: I was awarded a $560 bounty for generating an inconsistency inside Twitter's database without much in the way of hacking skills.

https://twitter.com/messages/<NUMBER>-<NUMBER>

Looking at the backend responses in the network tab, I found that these numbers are, respectively, (some sort of) user ID for each user. Combined, they form what Twitter calls a conversation_id. They probably have some other reference for each user on the platform, but they use these numbers to reference each user inside the conversation_id. I looked at these numbers and I thought:

What if we swap these numbers?

I did that. The page completely broke afterwards, as you can see in the image below. The messages were gone. It was like we were initiating a new conversation with someone who didn’t follow me.

Accept

Nothing actually happens. Well, something happens. Probably the backend identifies that this conversation_id already exists, but in the previous order, and throws an exception telling me to reload the page. I reloaded and everything was back to normal.

Delete

This is where the magic happened. When I clicked “Delete”, it actually deleted my whole original conversation, without using the original conversation_id.
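One way a backend could keep both orderings of the ID consistent, shown as an added example that is not from the original post and is not Twitter's code: every operation (send, read, delete) resolves the `<NUMBER>-<NUMBER>` string through the same canonicalization and participant check, so a swapped ID can never look like a new conversation on one path and the original on another. It assumes the two numbers are numeric participant IDs; the function and class names are hypothetical, and the store is a simplified in-memory model.

```python
import re

# Assumption: a conversation_id is two decimal user ids joined by "-".
_ID_RE = re.compile(r"([0-9]{1,20})-([0-9]{1,20})")


class ConversationError(Exception):
    """Raised when a conversation_id is malformed or not owned by the requester."""


def canonical_conversation_id(raw_id, requester_id):
    """Validate raw_id and return the single canonical key for that pair of users."""
    match = _ID_RE.fullmatch(raw_id)
    if match is None:
        raise ConversationError("malformed conversation_id")
    a, b = int(match.group(1)), int(match.group(2))
    # Authorization is checked on the parsed ids, not on the string order.
    if requester_id not in (a, b):
        raise ConversationError("requester is not a participant")
    low, high = sorted((a, b))
    return f"{low}-{high}"


class ConversationStore:
    """Hypothetical store: every code path uses the same canonical key."""

    def __init__(self):
        self._messages = {}

    def send(self, raw_id, requester_id, text):
        key = canonical_conversation_id(raw_id, requester_id)
        self._messages.setdefault(key, []).append((requester_id, text))

    def read(self, raw_id, requester_id):
        key = canonical_conversation_id(raw_id, requester_id)
        return list(self._messages.get(key, []))

    def delete(self, raw_id, requester_id):
        key = canonical_conversation_id(raw_id, requester_id)
        return self._messages.pop(key, None) is not None


if __name__ == "__main__":
    store = ConversationStore()
    store.send("111-222", 111, "hi")       # constructed sample ids
    print(store.read("222-111", 111))      # swapped id shows the same messages
    print(store.delete("222-111", 111))    # delete acts on what the user saw
```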
