Nir Goldshlager Founder of Break Security found the critical vulnerability in Instagram. Succesful hack allows attacker to access private photos and ability to delete victim’s photos, edit comment and post new photos. 1. Hijack Instagram accounts using the Instagram OAuth (https://instagram.com/oauth/authorize/) 2. Hijack Instagram accounts using the Facebook OAuth Dialog (https://www.facebook.com/dialog/oauth) He reported a few issues to Instagram Include OAuth Attacks, But the acquisition didn’t closed yet and Facebook Security was unable to put their hands on security issues in Instagram, So I was waiting, Waiting like a good WhiteCollar, Then Facebook Security send me a message, They say even that they were unable to fix this issues because the acquisition didn’t closed yet, They will still payout for this vulnerabilities. So, first, checked Instagram’s OAuth protocol: (http://instagram.com/developer/authentication/) While researching Instagram’s security pa
Comments
Post a Comment