I've found: 🔹 Auth bypass in the web editor 🔹 Insecure direct object references (IDOR) in project files 🔹 Rate-limiting gaps on the mobile API
I’ve been fuzzing the CapCut web editor (capcut.com) and found what looks like a potential IDOR on project draft IDs. Before I go further, I want to make sure I'm following responsible disclosure. capcut bug bounty
#BugBounty #InfoSec #EthicalHacking #ByteDance I've found: 🔹 Auth bypass in the web