home.social

#apisecuity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #apisecuity, aggregated by home.social.

  1. 🎵 New Blog Post: Bandsintown Verification Bypass (Fixed, $200 + Swag)

    Found a way to claim any unclaimed artist page on Bandsintown without verification:

    • Discovered API endpoint from requesting to join Bieber's team
    • Used same endpoint on Rick Astley (unclaimed) - bypassed all OAuth/social verification
    • Got full access to 191k followers, their emails, names, locations
    • Could send push notifications and post as any unclaimed artist (including diddy xd)

    I could have rickrolled 191k people for real. I did not.

    Bandsintown handled it well - fast fix, honest about bounty limitations, shipped me swag.

    Also found a new bypass while writing this - currently disclosing responsibly.

    Full writeup: bobdahacker.com/blog/bandsinto

    #InfoSec #BugBounty #ResponsibleDisclosure #Bandsintown #Security #Privacy #CyberSecurity #RickAstley #APISecuity #Music
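The bug class behind the post is a "join this artist's team" endpoint that never checks whether the target page has been claimed through the verification flow, so calling it against an unclaimed artist grants team access and every downstream feature (follower export, push notifications, posting) trusts that membership. The following Python is an added illustration written for this page, not code from the post's author or from Bandsintown; the `Artist` model, the `claimed` flag, the pending-request approval step and all identifiers are assumptions made to show the vulnerable shape beside a hardened one.

```python
"""Missing-authorization pattern: a team-join endpoint that ignores whether the
artist page was ever claimed. Hypothetical model written for this page;
not Bandsintown's code."""
import itertools
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when an authorization check fails."""


@dataclass
class Artist:
    artist_id: str
    claimed: bool                                   # set only by the verification flow
    team: set = field(default_factory=set)          # user ids allowed to act as the artist
    pending: dict = field(default_factory=dict)     # request_id -> user id awaiting approval


_REQUEST_IDS = itertools.count(1)                   # unique ids for pending requests


def make_sample_artists():
    """Constructed sample data: one claimed page with a manager, one unclaimed page."""
    return {
        "claimed-artist": Artist("claimed-artist", claimed=True, team={"manager"}),
        "unclaimed-artist": Artist("unclaimed-artist", claimed=False),
    }


# --- vulnerable shape ---------------------------------------------------------

def join_team_vulnerable(artists, artist_id, user_id):
    """Adds the caller to the team with no claimed-state check and no approval step.
    Against an unclaimed page this is exactly the verification bypass described."""
    artist = artists[artist_id]
    artist.team.add(user_id)
    return user_id in artist.team


def can_act_vulnerable(artists, artist_id, user_id):
    """Downstream check (follower export, push, posting) that trusts membership alone."""
    return user_id in artists[artist_id].team


# --- hardened shape -----------------------------------------------------------

def request_join_hardened(artists, artist_id, user_id):
    """Refuses unclaimed pages outright (only the claim/verification flow may create
    a first owner) and, for claimed pages, records a pending request that grants
    nothing until an existing member approves it."""
    artist = artists[artist_id]
    if not artist.claimed:
        raise Forbidden("page is unclaimed; use the verification flow to claim it")
    request_id = f"req-{next(_REQUEST_IDS)}"
    artist.pending[request_id] = user_id
    return request_id


def approve_join(artists, artist_id, approver_id, request_id):
    """Only a current team member can convert a pending request into membership."""
    artist = artists[artist_id]
    if approver_id not in artist.team:
        raise Forbidden("approver is not on this artist's team")
    if request_id not in artist.pending:
        raise Forbidden("no such pending request")
    artist.team.add(artist.pending.pop(request_id))
    return True


def can_act_hardened(artists, artist_id, user_id):
    """Downstream check: the page must be claimed and the user must be a member."""
    artist = artists[artist_id]
    return artist.claimed and user_id in artist.team


if __name__ == "__main__":
    a = make_sample_artists()
    join_team_vulnerable(a, "unclaimed-artist", "attacker")
    print("vulnerable:", can_act_vulnerable(a, "unclaimed-artist", "attacker"))  # True
    b = make_sample_artists()
    try:
        request_join_hardened(b, "unclaimed-artist", "attacker")
    except Forbidden as exc:
        print("hardened:", exc)
```

The practitioner's check is the one in `request_join_hardened`: the object's lifecycle state (claimed or not) is part of the authorization decision, and a join request is a request, not a grant. The downstream `can_act_hardened` repeats the claimed check so that a stray membership row on an unclaimed page still cannot be used.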