Old GitHub Profile Takeover! - Mohamed Haron

Mohamed Haron

This Personal Blog about Security and Writes-Up

Jul 28, 2019

Old GitHub Profile Takeover!

Program : Private on HackerOne
Bounty : $1000
Fix : by cooperating with the company.


This bug was so simple and such a nice catch that I want to write about it.

Simply put, here is what I found while searching for bugs in the company's code on GitHub.

Many repositories and code samples referenced an old GitHub profile, and those links still worked.

Example of how it worked:
when you try to download some files from this link

the link redirects to


and the download starts normally.

So what was the bug here?
When I went to
an error was shown to me: Profile Not Found.

So I was able to create a profile with the old company profile name!
I then pointed some repositories at vulnerable files to prove the PoC.

Taking over a Not Found profile can disable the migration (the redirect) from the old profile to the new one.
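As an added defender-side check (my example, not the author's tooling or anything from the program): a small audit that extracts GitHub owner names from a code base and classifies each profile URL using a request that does not follow redirects. The sample text, the fake responder and the `old-company` / `new-company` names are constructed so it runs offline; `live_fetch` is the real-world equivalent against github.com. It models the trap the post describes: a repository link still redirects and downloads fine while the bare profile URL returns 404, which is exactly the state in which the username can be registered by anyone.

```python
"""Audit text (READMEs, install scripts, CI configs) for links to GitHub
profiles whose username no longer resolves.  Added example, not the
author's tooling: SAMPLE_TEXT and fake_fetch are constructed so the
script runs offline; live_fetch is the real-world equivalent.
"""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlparse

# (HTTP status, value of the Location header or "") for one request made
# WITHOUT following redirects; that is what lets us tell a live redirect
# apart from a released username.
Response = Tuple[int, str]
Fetcher = Callable[[str], Response]

# github.com/<owner>...; GitHub usernames are alphanumeric plus '-', max 39 chars.
GITHUB_OWNER_REF = re.compile(
    r"https?://(?:www\.)?github\.com/([A-Za-z0-9][A-Za-z0-9-]{0,38})(?=[/\s\"')>]|$)"
)


def extract_owners(text: str) -> List[str]:
    """Distinct GitHub users/orgs referenced in text, lower-cased because
    GitHub treats usernames case-insensitively."""
    return sorted({m.group(1).lower() for m in GITHUB_OWNER_REF.finditer(text)})


def _path_head(url: str, parts: int) -> str:
    """First `parts` path segments of a URL, lower-cased ('owner' or 'owner/repo')."""
    return "/".join(urlparse(url).path.strip("/").split("/")[:parts]).lower()


def classify_profile(owner: str, fetch: Fetcher) -> str:
    """Classify https://github.com/<owner> from a single non-following request."""
    status, location = fetch(f"https://github.com/{owner}")
    if status == 404:
        # The username is not registered: anyone can claim it, and every
        # hard-coded link to the old name then lands on their account.
        return "unclaimed"
    if status in (301, 302, 307, 308):
        return f"renamed->{_path_head(location, 1)}"
    if status == 200:
        return "active"
    return f"unexpected:{status}"


def repo_resolves(owner_repo: str, fetch: Fetcher) -> bool:
    """True if a repository URL still serves content, directly or via redirect.
    A working repo link is NOT evidence that the owner name is safe."""
    status, _ = fetch(f"https://github.com/{owner_repo}")
    return status == 200 or status in (301, 302, 307, 308)


def audit(text: str, fetch: Fetcher) -> Dict[str, str]:
    """Map every referenced owner to its profile state."""
    return {owner: classify_profile(owner, fetch) for owner in extract_owners(text)}


# --- constructed offline stand-in for GitHub ---------------------------------
FAKE_RESPONSES: Dict[str, Response] = {
    # Old name released on rename: the profile 404s but repo links still
    # redirect, i.e. "download works but the profile is Not Found".
    "old-company": (404, ""),
    "old-company/tools": (301, "https://github.com/new-company/tools"),
    "new-company": (200, ""),
    "new-company/sdk": (200, ""),
}


def fake_fetch(url: str) -> Response:
    return FAKE_RESPONSES.get(_path_head(url, 2), (404, ""))


SAMPLE_TEXT = """\
# constructed snippets, as they might appear in a company's repos
curl -LO https://github.com/old-company/tools/releases/download/v1.0/tool.tar.gz
pip install git+https://github.com/new-company/sdk.git
See https://github.com/Old-Company/docs for details.
wget https://raw.githubusercontent.com/new-company/sdk/main/install.sh
"""


# --- real fetcher (not exercised offline) ------------------------------------
class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface 3xx as HTTPError instead of following it


def live_fetch(url: str, timeout: float = 10.0) -> Response:
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url), timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location", "")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location", "")


if __name__ == "__main__":
    for owner, state in audit(SAMPLE_TEXT, fake_fetch).items():
        print(f"{owner}: {state}")          # new-company: active / old-company: unclaimed
    print("old-company/tools resolves:", repo_resolves("old-company/tools", fake_fetch))  # True
```

Run it as-is for the offline demonstration, or swap `fake_fetch` for `live_fetch` to audit real references. Any owner reported as `unclaimed` is the condition the post exploited; the remediation matches the post's "Fix" line: the company reclaims the released username so the redirect cannot be hijacked, and hard-coded links are updated to the new name.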

