With millions of creators storing drafts & data on ByteDance servers, the attack surface is MASSIVE.

If ByteDance is listening: A clear rewards framework for CapCut would attract top talent before attackers find the low-hanging fruit. 🍍

#BugBounty #InfoSec #EthicalHacking #ByteDance

Before I disclose: Is there a private HackerOne/third-party program, or are we going straight to VDP? 👀

We know the parent company (ByteDance) runs bounty programs for TikTok. But what about CapCut?

I've found: 🔹 Auth bypass in the web editor 🔹 Insecure direct object references (IDOR) in project files 🔹 Rate-limiting gaps on the mobile API

Drop links below. ⬇️

Capcut Bug Bounty <480p>

With millions of creators storing drafts & data on ByteDance servers, the attack surface is MASSIVE.

If ByteDance is listening: A clear rewards framework for CapCut would attract top talent before attackers find the low-hanging fruit. 🍍 capcut bug bounty

#BugBounty #InfoSec #EthicalHacking #ByteDance With millions of creators storing drafts & data

Before I disclose: Is there a private HackerOne/third-party program, or are we going straight to VDP? 👀 capcut bug bounty

We know the parent company (ByteDance) runs bounty programs for TikTok. But what about CapCut?

I've found: 🔹 Auth bypass in the web editor 🔹 Insecure direct object references (IDOR) in project files 🔹 Rate-limiting gaps on the mobile API

Drop links below. ⬇️

Reset cookie / GDPR consent