![]() ![]() ![]() I intercepted all the HTTP requests using burp and after forwarding some requests I saw the following HTTP request. For testing, I changed my reel thumbnail. After spending some time with the target I came to the point where users can edit their reels cover photo (thumbnail). Initially, I tested on Instagram Ads GraphQL API but after long hunting, when I could not find any bug there I started hunting on the Instagram reels section. I started hunting on the Instagram app in December 2021. So How I Found This Bug - Storyline (without technicals) Using this vulnerability the attacker could have changed the reel thumbnails of any Instagram user by knowing clips_media_id(Media ID of reel) of that user. Hello everyone, I am Neeraj Sharma, a 20-year-old Security Enthusiast from India. How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |