An IDOR Vulnerability on INSTAGRAM! 49500$ Rewarded!
- Published on 14 Jun 2022
- Get 10,000 free mins to build mobile and web app: bit.ly/3uuotSV
Learn more about ZEGOCLOUD API & SDK: bit.ly/3Fy5HAm
How to build iOS, Android and Web app: bit.ly/3hf7xfX
Check out my FREE course on SQL Injection for Beginners with hands-on training and completion certificate: bit.ly/3MTMQ2Q
Neeraj Sharma's writeup: infosecwriteups.com/how-i-fou...
Neeraj Sharma, a 20-year-old security enthusiast from India, has discovered a critical IDOR (Insecure Direct Object References) vulnerability on Instagram which allowed an attacker to change the thumbnail of any Instagram reel without any authorization!
Facebook offered him 49500$ for reporting this bug and also added him to the Hall Of Fame.
Facebook's Bug Bounty Hall of Fame: / thanks
Thanks for watching!
SUBSCRIBE for more videos!
Join my Discord: / discord
Follow me on Instagram: / teja.techraj
Website: techraj156.com
Blog: blog.techraj156.com - Science & Technology
Check out my FREE course on SQL Injection for Beginners, you also get a completion certificate: bit.ly/3MTMQ2Q
That bounty hunt was so rewardable
Your explanation was perfect, thanks for the video
I like the way you explain, clear as clean water, keep it up.
Thanks for the explanation brother!! Got to learn many new stuff.
perfect explanation and awesome finding!!
Thank you bro! you explained very well. your presentation skills are awesome.
That’s why all your action should be user centric in the backend
Your channel is coming a lot good bro
Your explanation was perfect, thanks for the video bro
Really nice explanation! Thanks!
mahn , appreciate your work .. thanks for this :)
Damn...that looked so simple!!!
Yeah
Exactly
Too simple tbh
Too simple that nobody would believe a bug was there
Nice detail explanation 👌 👍 thumb up. Keep it up 👍
Superb video sir loved it 😍😍
Wonderfully explained. Thanks a lot.
Great vid man
Damn!
Great video 🔥
Damn it was an awesome finding !!
Good one Anna. Keep going
Crazy.. I never think that thumbnail can be hacked.
Please bring more such examples 🙏🧑💻
Awesome find definitely
Thanks for the video =)
Can you please explain..how did you bypass ssl pinning in genny.....
Great. Explanation
yesterday loi has posted it full form :-Insecure direct object reference
Hi @Tech taj what is your mic setup? Can you share amazon link for it?
FYI. Looks like your website is down. It's showing WIZ service error.
Lol 🤣 Beluga is hacked ... Now his Hecker friend will come to save his ass..
Woah! It's so cool!
I love how the comment section has no bots
I wonder what other sites are vulnerable to this attack?
I didn't understand anything, but I watched the whole video.... ❤️
good video thank you
More such videos bud!
My mentor is here again with another motivating hacking video ✌️✌️
love your content :}
Who else not indian but Indian
Well not the small letter i 😂
Raj i really appreciate ur videos very clear and interesting, could u make a vid about evilnginx2? i think it would be great to learn about it for alot of people.
Could you please tell me how to use burpsuite in the android emulator like in the exploit video ?
Hi, what the name of that Phone sim that he used...?
so easy and so powerful
Bro, are you the host of the Unlucky Bug Hunter channel?
Subscribed✌️
So this vulnerability doesn't work now, right?
Bro why don't you start a complete course of coding from beginning to expert level.
Ex- coding + connectivity to database related video.
I know coding then what to learn after coding i don't know
That make hoch poch in my brain.
He is gonna charge you & he is not uploading here on youtube
We'll pay I need it too
@@atirrasheedhashmi I will pay
New subscriber ❤️
Cool mannnn😍
Is it possible to reproduce the vulnerability?
Please make A video to access server with shodan
Make more videos like this
Lets say i am hunting for price manipulation idor but the request is encrypted with % any way to decore it ?
trolling session
I'm a little confused by the difference between a BOLA and IDOR vulnerability?
Can this Practice can we do after this?
Can we try now
More videos plz
Moral: a bug can be anywhere 🥲
Awesome
Fixed?
Well r u studying right now or doing some cybersecurity job
Is it patched?
Yes
awesome prank to people
damn! copy of network chuck btw loved your videos
billo bagge bagge bilya da ki kregi bagge bagge bilya da ki kregi " kuch nahi kregi bhai bass bounty dilvayegi 😂"
Beluga👀
Dark market probably 100k$
Some websites have listed the amount as 4500USD??
No its 49500USD
i know because he is my friend
@@adityamehra4412 o really , you are also hacker
@@adityamehra4412 okay, I was confused that some websites are saying 49k and some are 4500, thanks for the confirmation.
@@adityamehra4412 tell him congrats from me.
Woaaaaaah! How does something like this even hits in the mind?
It doesn't, they try a bunch of different methods until something seems odd.
@@BlueEdgeTechno Ah! I guess Patience is the key!!
I don't trust the bug bounty program, the rewards are not too much!
poor beluga account 🥺🙏
I know him
37lakhs ✌️✌️
Wow
❤❤
🤯
😎
Bro, I did report 4 IDORs but haven't got a response; it's been 24 hours for the first IDOR..
Are they gonna respond to me or not?
It says it is private and only participants can view it...
When are they gonna respond to me? Please answer...
in which app
@@negaaa5080 yahoo or reddit
wtf 🤯
Second
1337
First
Your explanation was not good no thanks for the video
He sound like an indian scammer
Hi @Beluga