Unclaimed Medium Publication takeover in WeTransfer

Hi readers,

I am a cyber security researcher from Bangladesh. Again I am here to share a security issue I found on WeTransfer. WeTransfer has a paid bug bounty program under Zerocopter, so I started testing their sites. While I was brute-forcing wetransfer.com with the DIRB script I got some directories that were redirecting users to Medium publication links. Those directories looked like this:

Now when I visited the Location link https://medium.com/wetransferger I got an error like the screenshot below:

Something looks wrong with this link 😾

So I went to https://medium.com/me/publications and created a new publication using the same name, wetransferger. I got the publication link under my control and was able to place anything on the publication, like the screenshot below:

Publication taken over ;)

Now whenever a user visits https://wetransfer.com/blogger it will take them to my Medium publication. I was able to claim 5 unclaimed publications. All the others were not exploitable because they used an underscore (_) in the Medium link, and in Medium an underscore is not allowed in a publication link.

I reported this issue to the WeTransfer bug bounty program and they rewarded me with 100 Euro + a 1-year WeTransfer Plus account.

Bounty Time :P

Security awareness: if you are using Medium publication links on your site, make sure each one is valid and claimed by you.
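An added audit script for site owners who want to act on that advice (example code, not from the original post): given the redirect targets your own site emits (a constructed sample here, including the /blogger to medium.com/wetransferger redirect from the write-up), it picks out the ones pointing at a Medium publication and reports which are dangling. The `exists` check is a stand-in set so it runs offline; in practice you would request https://medium.com/<slug> and treat a 404 as dangling.

```python
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Medium serves a publication at https://medium.com/<slug>. Its own reserved
# paths and @user profiles are not publications (assumed list, not Medium's).
MEDIUM_HOSTS = {"medium.com", "www.medium.com"}
RESERVED = {"me", "m", "p", "new-story", "search", "topics"}


def medium_publication_slug(location: str) -> Optional[str]:
    """Return the slug if `location` points at a Medium publication, else None."""
    u = urlparse(location)
    if u.scheme != "https" or u.netloc.lower() not in MEDIUM_HOSTS:
        return None
    parts = [p for p in u.path.split("/") if p]
    if len(parts) != 1 or parts[0].startswith("@") or parts[0] in RESERVED:
        return None
    return parts[0]


def classify(slug: str, exists: Callable[[str], bool]) -> str:
    # Per the write-up, Medium rejects underscores in publication links, so
    # such a redirect is broken for visitors but cannot be claimed by anyone.
    if "_" in slug:
        return "broken-unclaimable"
    return "ok" if exists(slug) else "dangling"


def audit_redirects(redirects: Dict[str, str],
                    exists: Callable[[str], bool]) -> List[Tuple[str, str, str]]:
    """(site_path, slug, status) for every redirect that targets a Medium publication."""
    findings = []
    for path, location in redirects.items():
        slug = medium_publication_slug(location)
        if slug is not None:
            findings.append((path, slug, classify(slug, exists)))
    return findings


# Constructed sample: site path -> Location header a crawler recorded.
SAMPLE_REDIRECTS = {
    "/blogger": "https://medium.com/wetransferger",  # from the write-up
    "/news": "https://medium.com/example_news",      # constructed: underscore
    "/blog": "https://medium.com/example-blog",      # constructed: claimed
    "/help": "https://example.org/help",             # constructed: not Medium
    "/author": "https://medium.com/@someone",        # constructed: profile
}
# Constructed stand-in for a live HTTP check of https://medium.com/<slug>.
KNOWN_PUBLICATIONS = {"example-blog"}


def dangling_paths(redirects=SAMPLE_REDIRECTS,
                   exists=KNOWN_PUBLICATIONS.__contains__) -> List[str]:
    return [p for p, _, s in audit_redirects(redirects, exists) if s == "dangling"]
```

Run `audit_redirects` over the full set to see every Medium-bound redirect with its status; only the "dangling" ones need a publication created or the redirect removed.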

Thanks for reading. Forgive all mistakes :D

Find me on Facebook: https://web.facebook.com/prial261?_rdc=1&_rdr