instagram

3 articles
Sort: New Top Best
clear filter
bug-bounty621 facebook431 xss316 google103 rce101 csrf60 microsoft59 web354 account-takeover53 writeup50 apple42 sqli41 cve35 ssrf34 exploit33 dos31 privilege-escalation28 defi28 cloudflare27 smart-contract-vulnerability25 idor24 subdomain-takeover24 ethereum23 clickjacking23 smart-contract23 vulnerability-disclosure21 access-control21 auth-bypass19 malware19 remote-code-execution18 lfi17 cors16 race-condition15 cloud15 reverse-engineering14 authentication-bypass14 solidity14 oauth12 browser12 info-disclosure12 aws12 sql-injection11 delegatecall11 denial-of-service11 phishing11 web-application-security10 vulnerability9 buffer-overflow9 web-security9 token-theft9
0 5/10
Instagram Notes Audio Leakage via URL Extraction
bug-bounty

A data sanitization vulnerability in Instagram Web's Notes feature allowed users to extract original video files with audio by copying the video URL from browser DevTools, bypassing the intended silent playback design. The vulnerability was specific to certain server nodes and was fixed after responsible disclosure to Meta, earning a $1,000 bounty.

privacy-bypass audio-leakage url-extraction web-vulnerability instagram data-sanitization bug-bounty responsible-disclosure frontend-bypass meta
Instagram Meta Javier González Casares Case ID: 3950957211809485
github.com · i12gocaj · 4 hours ago · details
0
Instagram account is reactivated without entering 2FA
bug-bounty

A vulnerability in Instagram's account reactivation process allowed attackers to reactivate deactivated accounts using only credentials, bypassing two-factor authentication that should have been required. The issue was fixed by Instagram after being reported through their bug bounty program, resulting in a $500 bounty award.

2fa-bypass authentication-bypass account-takeover business-logic-flaw instagram credential-reuse account-reactivation
Instagram Facebook Aman Shahid HackerOne
bugbountypoc.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
0
Facebook graphql CSRF
vulnerability

A CSRF vulnerability in Facebook's Instagram Business Tools allowed attackers to execute arbitrary GraphQL mutations by crafting malicious URLs that leveraged the victim's authenticated access token, enabling unauthorized actions like creating posts with malicious content. The vulnerability exploited improper parameter handling in the /business/:id endpoint where user-controlled IDs were sent to the Graph API without proper CSRF protections.

csrf graphql authentication-bypass mutation instagram facebook web-security access-token-misuse parameter-injection business-tools
Facebook Instagram business.instagram.com graph.facebook.com BusinessToolsEntrypoint.instagram BusinessStore.instagram SyncAddMutations
philippeharewood.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details