A security hole discovered by Indian hacker Avinash Singh in Twitter’s video-based micro-blogging platform Vine has won him $10,080 (Rs 6.8 lakh) from the social network giant. Singh is believed to have discovered a security hole that allowed him to access the entire cache of online code for Vine.
According to a report by The Hacker News, a hacking news website, Avinash discovered a Docker image for Vine while looking for vulnerabilities using censys.io, a search engine website.
Singh in a blog post explained that he could see the entire Source Code of Vine, it’s third party keys, API keys and other secrets. “Even running the image without any parameter, was letting me host a replica of VINE locally,” wrote Singh, on his blog.
Singh further says in his post that he doesn't plan to share Vine's source code, and Twitter has already pointed out the leak.
Singh has further reported nearly 20 bugs to Twitter since he started contributing as a bounty hunter last year. He mainly focuses on Twitter since they fix problems and pay up quickly, though he has also submitted bugs to Coursera, OwnCloud, and Imgur for a total of 40 vulnerabilities so far.
Avinash presented his findings to Twitter on March 31 this year and they fixed the issue within 5 minutes.