I found this difficult to follow, but from what I can gather, sharing the media file with another user generated a new media key/identifier that was considered to be owner by the victim - instead of the original user uploading it?
And then from here, by abusing the ad studio tweet functionality, it's possible to tweet using the victim's account?
Edit: Twitter's HackerOne summary makes a lot more sense "The reporter discovered a flaw in the handling of Twitter Ads Studio requests which allowed an attacker to tweet as any user. By sharing media with a victim user and then modifying the post request with the victim's account ID the media in question would be posted from the victim's account. This bug was patched immediately after being triaged and no evidence was found of the flaw being exploited by anyone other than the reporter."
1 comment
[ 2.4 ms ] story [ 12.1 ms ] threadAnd then from here, by abusing the ad studio tweet functionality, it's possible to tweet using the victim's account?
Edit: Twitter's HackerOne summary makes a lot more sense "The reporter discovered a flaw in the handling of Twitter Ads Studio requests which allowed an attacker to tweet as any user. By sharing media with a victim user and then modifying the post request with the victim's account ID the media in question would be posted from the victim's account. This bug was patched immediately after being triaged and no evidence was found of the flaw being exploited by anyone other than the reporter."