Wednesday, February 24, 2016

Subdomain Takeover in Snapchat

I have found a subdomain takeover in Snapchat's acquisition, scan.me. Scan.me is currently integrated into Snapchat application. The vulnerable subdomain was support.scan.me pointing to Zendesk. I have reported it to Snapchat and was fixed quickly and rewarded me with a bounty and made me the Top 5 hacker in their thanks list. Here is the link of my report:  https://hackerone.com/reports/114134 


Reward:

$1000 

2 comments: