Does CapCut Need a Public Bug Bounty Program?
I’ve been fuzzing the CapCut web editor (capcut.com) and found what looks like a potential IDOR on project draft IDs. Before I go further, I want to make sure I'm following responsible disclosure. capcut bug bounty
#BugBounty #InfoSec #EthicalHacking #ByteDance Does CapCut Need a Public Bug Bounty Program
🚨 🚨
Before I disclose: Is there a private HackerOne/third-party program, or are we going straight to VDP? 👀 the attack surface is MASSIVE.
As CapCut's user base explodes (surpassing Premiere Rush in mobile downloads), its security posture remains a black box to the research community.
With millions of creators storing drafts & data on ByteDance servers, the attack surface is MASSIVE.