An IDOR Vulnerability on INSTAGRAM! 49500$ Rewarded!
HTML-код
- Опубликовано: 21 авг 2024
- Get 10,000 free mins to build mobile and web app: bit.ly/3uuotSV
Learn more about ZEGOCLOUD API & SDK: bit.ly/3Fy5HAm
How to build iOS, Android and Web app: bit.ly/3hf7xfX
Check out my FREE course on SQL Injection for Beginners with hands-on training and completion certificate: bit.ly/3MTMQ2Q
Neeraj Sharma's writeup: infosecwriteup...
Neeraj Sharma, a 20-year-old Security Enthusiast from India has discovered a critical IDOR (Insecure Direct Object References) vulnerability on Instagram which allowed an attacker to change the thumbnail of any instagram reel without any authorization!
Facebook offered him 49500$ for reporting this bug and also added him to the Hall Of Fame.
Facebook's Bug Bounty Hall of Fame: / thanks
Thanks for watching!
SUBSCRIBE for more videos!
Join my Discord: / discord
Follow me on Instagram: / teja.techraj
Website: techraj156.com
Blog: blog.techraj15... 
Наука
Check out my FREE course on SQL Injection for Beginners, you also get a completion certificate: bit.ly/3MTMQ2Q
That bounty hunt was so rewardable
Reward:-40 Lacks.....💀
Your explanation was perfect, thanks for the video
I like the way you explain, clear as clean water, keep it up.
perfect explanation and awesome finding!!
That’s why all your action should be user centric in the backend
Damn...that looked so simple!!!
Yeah
Exactly
Too simple tbh
Too simple that nobody would believe a bug was there
Thanks for the explanation brother!! Got to learn many new stuff.
Thank you bro! you explained very well. your presentation skills are awesome.
Your explanation was perfect, thanks for the video bro
Your channel is coming a lot good bro
Crazy.. I never think that thumbnail can be hacked.
yesterday loi has posted it full form :-Insecure direct object reference
Please bring more such examples 🙏🧑💻
Can you please explain..how did you bypass ssl pinning in genny.....
mahn , appreciate your work .. thanks for this :)
Really nice explanation! Thanks!
Lol 🤣 Beluga is hacked ... Now his Hecker friend will come to save his ass..
Nice detail explanation 👌 👍 thumb up. Keep it up 👍
Damn!
Great video 🔥
Damn it was a awesome finding !!
Great vid man
Superb video sir loved it 😍😍
Wonderfully explained. Thanks a lot.
Who else not indian but Indian
Well not the small letter i 😂
Bro why don't you start a complete course of coding from beginning to expert level.
Ex- coding + connectivity to database related video.
I know coding then what to learn after coding i don't know
That make hoch poch in my brain.
He is gonna charge you & he is not uploading here on youtube
We'll pay I need it too
@@atirrasheedhashmi I will pay
I love how the comment section has no bots
Awesome find definitely
Good one Anna. Keep going
trolling session
I wonder what other sites are vulnerable to this attack?
Woah! It's so cool!
Hi @Tech taj what is your mic setup? Can you share amazon link for it?
FYI. Looks like your website is down. Its showing WIZ service error.
My mentor is here again with another motivating hacking video ✌️✌️
Thanks for the video =)
New subscriber ❤️
M ardam kale but video motham chusa.... ❤️
Great. Explanation
I'm a little confused by the difference between a BOLA and IDOR vulnerability?
Cool mannnn😍
love your content :}
So this vulnerability doesn't work now, right?
Is it's patched?
Yes
billo bagge bagge bilya da ki kregi bagge bagge bilya da ki kregi " kuch nahi kregi bhai bass bounty dilvayegi 😂"
Subscribed✌️
Moral:- Bug Kahi Bhi Ho Sakta Hai 🥲
good video thank you
so easy and so powerful
More such videos bud!
Bro neenga dhan unlucky bug hunter channel host ah
Beluga👀
Please make A video to access server with shodan
Awesome
Could you please tell me how to use burpsuite in the android emulator like in the exploit video ?
Lets say i am hunting for price manipulation idor but the request is encrypted with % any way to decore it ?
Is it possible to reproduce the vulnerability?
Make more videos like this
Hi, what the name of that Phone sim that he used...?
Fixed?
Raj i really appreciate ur videos very clear and interesting, could u make a vid about evilnginx2? i think it would be great to learn about it for alot of people.
Well r u studying right now or doing some cybersecurity job
Dark market probably 100k$
Can we try now
i don't trust on the bug bounty program , the rewards are not two much !
Can this Practice can we do after this?
awsome prank to people
damn! copy of network chuck btw loved your videos
More videos plz
poor beluga account 🥺🙏
❤❤
I know him
37lakhs ✌️✌️
Wow
🤯
Woaaaaaah! How does something like this even hits in the mind?
It doesn't, they try a bunch of different methods until something seems odd.
@@BlueEdgeTechno Ah! I guess Patience is the key!!
Some websites has listed amount to 4500USD??
No its 49500USD
i know because he is my friend
@@adityamehra4412 o really , you are also hacker
@@adityamehra4412 okay, I was confused that some websites are saying 49k and some are 4500 thanks for conformation.
@@adityamehra4412 tell him congrats from me.
😎
wtf 🤯
Bro i did report 4 Idor's but haven't got response it's been 24 hours for the first Idor..
are they gonna response me or not?
it says it is private and only participants can view it...
when they gonna response me please answer...
in which app
@@negaaa5080 yahoo or reddit
1337
Second
He sound like an indian scammer
Your explanation was not good no thanks for the video
First
Hi @Beluga