Instagram Content Injection Vulnerability

Hello Everyone,
I discovered a Content Injection in Instagram which allows to manipulate a text on instagram.
Content Injection (content spoofing) is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply content to a web application, typically via a parameter value, that is reflected back to the user. This presents the user with a modified page under the context of the trusted domain.
Here is vulnerable link https://www.instagram.com/accounts/password/reset/done/?cp=Bug Found By Anas
Now change 'cp' parameter with any content like anonymous@unknownmail.com or http://www.phishingsite.com .
Comments
Post a Comment