A user has right to follow others account but not his own.So using this vulnerability for example Anon1337 can follow his own profile Anon1337 and also gets notification in email.Steps to Reproduce Login in your bug heist account for example Anon1337.And execute this link in your browser.https://www.bugheist.com/follow/Anon1337/.Here Anon 1337 is me and I can follow my own profile.You can place your username instead of Anon1337 on the URL . 281

Domain: http://www.bugheist.com
Tweet Share
Bugheist

Reported on www.bugheist.com

Total # of issues reported = 183

Anon1337

Reported by Anon1337

Total Points of Anon1337 = 264

browser

Browser Version: 84.0.4147

Operating System: Linux

OS Version:

Bug Type: Security
Status: open
Added on: Aug. 29, 2020, 3:27 a.m.

Description

Screenshots:

screenshot

OCR Results:

OCR not installed

Comments:

febinrev  commented  
3 years, 8 months ago
But you can't get actual follow by self following yourself!
Anon1337  commented  
3 years, 8 months ago
Yes it's not actual follow but when you see in the profile tab then you will see your own name in the followers tab.