Hacking Twitter for $$

Bilal Khan
Jan 12, 2020

I was hunting for bounties with my friends and we chose a private program, redacted.com. After two hours we had found nothing: redacted.com was very small, with only a few features, so one of my friends decided to go after the API and test the backend (the backend was built on Lua, the frontend on jQuery). While scrolling down the page I noticed the social links for Facebook and Twitter. I accidentally clicked the "Follow us on Twitter" link and was redirected to the redacted.com Twitter page, where Twitter said "Sorry, that page doesn’t exist!". The account the site linked to no longer existed, so we claimed that username, posted a single tweet as the PoC, and reported it to the company. This class of issue is known as broken link hijacking.
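The check a site owner can run for this class of issue, as an added example that is not code from the original post: collect the social profile links on a page, and flag any whose profile the platform reports as missing (an HTTP 404, or the "Sorry, that page doesn’t exist!" text seen above). The sample HTML, the `redactedcorp` handle and the fake resolver are constructed for the example; `urllib_resolver` is the live variant and assumes the platform answers a plain GET.

```python
"""Audit a page's social links for dangling (claimable) profiles."""
import re
import urllib.error
import urllib.request
from html.parser import HTMLParser
from typing import Callable, Dict, List, Optional
from urllib.parse import urlparse

# Hosts whose profile URL carries the claimable username in the first path segment.
SOCIAL_HOSTS = {"twitter.com", "x.com", "facebook.com", "instagram.com", "github.com"}
# Body text that signals a missing profile (the Twitter message from the post, plus variants).
NOT_FOUND_MARKERS = ("doesn’t exist", "doesn't exist", "isn't available")

class _LinkCollector(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href)

def extract_social_handles(html: str) -> Dict[str, str]:
    """Map each social profile URL found in the page to its username."""
    collector = _LinkCollector()
    collector.feed(html)
    handles: Dict[str, str] = {}
    for href in collector.hrefs:
        u = urlparse(href)
        host = u.netloc.lower()
        host = host[4:] if host.startswith("www.") else host
        segs = [s for s in u.path.split("/") if s]
        if host in SOCIAL_HOSTS and segs and re.fullmatch(r"[A-Za-z0-9_.]+", segs[0]):
            handles[href] = segs[0]
    return handles

def urllib_resolver(url: str) -> Optional[str]:
    """Fetch a profile page; None means the platform answered 404. Assumes plain GET works."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return None
        raise

def find_dangling_links(html: str, resolver: Callable[[str], Optional[str]]) -> List[str]:
    """Return the profile URLs whose account no longer exists (404 or not-found marker)."""
    return [href for href in extract_social_handles(html)
            if (body := resolver(href)) is None or any(m in body for m in NOT_FOUND_MARKERS)]

# Constructed sample: one live Facebook link, one dead Twitter link (handle is made up).
SAMPLE_HTML = ('<footer><a href="/about">About</a>'
               '<a href="https://www.facebook.com/redactedcorp">Follow us on Facebook</a>'
               '<a href="https://twitter.com/redactedcorp">Follow us on Twitter</a></footer>')
FAKE_RESPONSES = {"https://www.facebook.com/redactedcorp": "<html>Redacted Corp</html>",
                  "https://twitter.com/redactedcorp": "<html>Sorry, that page doesn’t exist!</html>"}

def fake_resolver(url: str) -> Optional[str]:
    return FAKE_RESPONSES.get(url)

if __name__ == "__main__":
    print(find_dangling_links(SAMPLE_HTML, fake_resolver))
```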

BugBounty
Social links
Pentesting Bug Hunting
Claimed company username

Bilal Khan

Experienced Security Engineer | Proficient in Python & Bash