Hidden Service In Maven Repo Directory Traversal X.com denied
dbms submitted a report to X (Formerly Twitter).
November 12, 2022, 6:41am UTC
Summary:
This is a forgotten subdomain service that is a part of the maven repository.
Description:
Found this while subdomain scanning with rapiddns.io and subdomainfinder.c99.nl.
Steps To Reproduce:
https://vpn.twttr.com/dana-na/auth/url_default/welcome.cgi
View the source: view-source:https://vpn.twttr.com/dana-na/auth/url_default/welcome.cgi
Right click the Twitter logo in the top left-hand corner of the page, which will lead us here: https://vpn.twttr.com/dana-na/auth/url_default/imgs/custom-logo.png
Remove the custom-logo.png path until you are at imgs, here: https://vpn.twttr.com/dana-na/auth/url_default/imgs/
View the source of the following page to find this:

    <script>
    if (parent.frames.length == 0 ||
        parent.frames[0].name != "DSFrameToolBar") {
      document.write(' <tr>');
      document.write(' <td bgcolor="909090"><img border="0" src="/dana-na/auth/welcome.cgi?p=rolelogo" alt="Logo"></td>');
      document.write(' <TD bgcolor="909090" align="right"> </TD>');
    }
    document.write(' </tr>');
    </script>
Impact
Server side misuse of client data
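The report above titles itself "Directory Traversal" but only shows that a directory path (/imgs/) is reachable; whether a static-file handler actually lets a request escape its web root, or exposes a directory listing, is a separate question. The following is an added example, written for this page and not code from the reporter, Twitter, or the Juniper/Pulse product behind the /dana-na/ paths. It builds a constructed temporary directory tree mirroring the /dana-na/auth/url_default/imgs/ layout from the report (the file contents are placeholders), and shows the two checks a defender would want a file handler to make: a containment check that rejects both plain and percent-encoded ".." segments, and an explicit decision about directory requests so that no listing is served unless configured. The function names resolve_under_root, classify_request and decide_status are hypothetical.

```python
import tempfile
from pathlib import Path, PurePosixPath
from urllib.parse import unquote


def build_sample_root() -> str:
    """Create a constructed web root mirroring the report's path layout.

    This is sample data for the example, not the real server's files.
    """
    root = Path(tempfile.mkdtemp())
    imgs = root / "dana-na" / "auth" / "url_default" / "imgs"
    imgs.mkdir(parents=True)
    (imgs / "custom-logo.png").write_bytes(b"\x89PNG constructed placeholder")
    return str(root)


def resolve_under_root(web_root: str, request_path: str):
    """Map a URL path onto the filesystem, refusing anything that escapes web_root.

    The URL path is percent-decoded exactly once, split into segments, joined
    under the root and then normalised with Path.resolve(), which collapses
    '..' segments and follows symlinks. The containment check afterwards is
    what enforces the boundary; returns None on a traversal attempt.
    """
    root = Path(web_root).resolve()
    decoded = unquote(request_path)
    segments = [p for p in PurePosixPath(decoded).parts if p != "/"]
    candidate = root.joinpath(*segments).resolve()
    if candidate != root and root not in candidate.parents:
        return None
    return candidate


def classify_request(web_root: str, request_path: str) -> str:
    """Return 'traversal', 'directory', 'file' or 'missing' for one request."""
    target = resolve_under_root(web_root, request_path)
    if target is None:
        return "traversal"
    if target.is_dir():
        # A bare directory path like /imgs/ lands here; serving it as a
        # listing is the "exposed index" condition the report points at.
        return "directory"
    if target.is_file():
        return "file"
    return "missing"


def decide_status(web_root: str, request_path: str, allow_listing: bool = False) -> int:
    """HTTP status a hardened static handler would return for the request."""
    kind = classify_request(web_root, request_path)
    if kind == "traversal":
        return 400
    if kind == "directory":
        return 200 if allow_listing else 403
    if kind == "file":
        return 200
    return 404


if __name__ == "__main__":
    root = build_sample_root()
    for path in (
        "/dana-na/auth/url_default/imgs/custom-logo.png",
        "/dana-na/auth/url_default/imgs/",
        "/dana-na/auth/url_default/imgs/../../../../../etc/passwd",
        "/dana-na/auth/url_default/imgs/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd",
    ):
        print(f"{path!r:90} -> {classify_request(root, path):9} status={decide_status(root, path)}")
```

The example decodes once and then relies on Path.resolve plus a parent check rather than on string matching for "..", so doubly-encoded sequences such as %252e%252e are treated as literal filenames (they do not escape the root either). The directory case is handled as a deliberate policy decision (403 by default) rather than left to whatever the underlying server does, which is the gap the report's "/imgs/" step would probe for.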
bugtriage-simon
changed the status to Needs more info.
November 14, 2022, 10:49am UTC
Thank you for your report @dbms,
Server side misuse of client data
We have reviewed the information you have provided, and we’d like some clarification on the security risk this behavior presents to Twitter’s users or infrastructure. Please keep in mind that our HackerOne program does not generally accept theoretical or potential reports, and requires that researchers demonstrate how the behavior they have found can be used in an attack.
With this in mind, can you demonstrate how this behavior could be leveraged against Twitter’s users or infrastructure? Can you provide reproduction steps which show a working attack that relies on this behavior?
Thank you for thinking of Twitter security.
dbms
changed the status to New.
December 3, 2022, 6:07pm UTC
This is an insecure subdomain. If we scan it, we can get paths that lead to possible path traversals. This service should only be accessible by authenticated users; we shouldn't be able to see this unauthenticated. For example, without going out of scope, we could take this minified JavaScript and go through it, and we find paths that we can play around with. I don't want to violate the Twitter terms of service by doing so unless I'm given permission: https://vpn.twttr.com/dana-na/auth/url_default/js/Duo-Juniper-Desktop.js
bugtriage-simon
closed the report and changed the status to Informative.
December 5, 2022, 11:21am UTC
Thank you for your response @dbms,
Generally, our HackerOne program requires researchers to demonstrate a working proof-of-concept attack using the behavior they are reporting, along with clear steps which can be followed to reproduce the attack, in order for us to investigate the report. The information that you have provided does not provide enough information (e.g. description of the attack behavior, steps to reproduce, sample requests and responses, impact to Twitter users and infrastructure) for us to investigate further.
For these reasons we will close this report as Informative. Regardless, we appreciate your concern for our platform and we hope you continue to submit to our program.
Thank you for thinking of Twitter security.