URL Redirection Vulnerability on Instagram!

Hey guys,

I think it's high time I document all my findings, starting with Instagram!

Instagram is an online mobile photo-sharing, video-sharing and social networking service that enables its users to take pictures and videos, and share them on a variety of social networking platforms, such as Facebook, Twitter, Tumblr and Flickr.

In mid-May 2014, I came across a URL redirection vulnerability on Instagram, which basically redirects any logged-in user to another malicious domain 😉

Redirection URL:

http://instagram.com/integrity/checkpoint/?next=http://google.com#

POC:

Redirection

Submitted: May 11, 2014
Fixed On: May 23, 2014
Bounty: Yes
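
A server-side check that would reject the `next=http://google.com#` value shown above, as an added example that is not part of the original post and not Instagram's actual fix. The function name `safe_next`, the `ALLOWED_HOSTS` set and the `FALLBACK` path are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts the application is willing to redirect to.
ALLOWED_HOSTS = {"instagram.com", "www.instagram.com"}
FALLBACK = "/"  # assumed safe default landing path


def safe_next(next_url, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return next_url if it is a same-site path or an allowlisted
    absolute URL; otherwise return the fallback path."""
    if not next_url:
        return fallback
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs,
    # so reject backslashes and control characters outright.
    if "\\" in next_url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_url):
        return fallback
    candidate = next_url.strip()
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return fallback
    # Scheme-relative ("//host") and non-web schemes end up here.
    if parts.scheme not in ("http", "https"):
        return fallback
    # .hostname excludes userinfo and port, so "allowed@other-host"
    # is compared by its real host.
    host = (parts.hostname or "").lower()
    return candidate if host in allowed_hosts else fallback
```

The redirect handler would call `safe_next(request_param)` and redirect only to the returned value, so an off-site `next` lands on the fallback path instead.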