Wetransfer.c
Brandi Baylon
Today I will share a Security issue I found on WeTransfer. WeTransfer has a paid bug-bounty program under Zerocopter. So I start testing their sites. While I was brute-forcing wetransfer.com with DIRB script I got some directories what was redirecting users to the Medium Publication link. Those directories look like
Now I go to and Created a new publication using the same name wetransferger and I got the publication link under My control and was able to place anything on the publication like the below screenshot
Now whenever a User will visit it will take the user to my Medium Publication. I was able to claim 5 Unclaimed Publications. All others were not exploitable as they used _(Underscore) in the medium link and in medium _(Underscore) is not allowed as a Publication link.I reported this issue to WeTransfer Bug Bounty Program and they rewarded me with 100 Euro + 1year WeTransfer Plus Account.
Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!
I can't no longer use "wetransfer.com" Their homepage does not load properly and no matter what I click on this page it starts using the CPU 100% and slows down everything and nothing happens anymore. I whitelisted this website in all privacy-extensions, and because in a flits I saw that "firefox essentials" was blocking something - despite the whitelist - I uninstalled it. To no avail. Firefox 100.0.1 (64 bits) under Windows 11 home 64 bits.How can I find out what is the problem ? Thanks for helping out.