How I was able to take over a company’s Instagram page in 2 minutes!!
Hi Hunters, this is my second blog post (well, the first one was just a Hello World!). I am going to share a vulnerability which I found very recently. The issue I found was in a client’s pentesting project at my workplace. Therefore, I cannot disclose the company’s name, so I will refer to it as Target.com.
Now, I was able to take over the Instagram page of the company using a technique called Broken Link Hijacking. Are you thinking “I have heard of Subdomain Hijacking... what is this Broken Link Hijacking???🤔”.
Well, let me tell you: it is similar to Subdomain Hijacking; the only difference is that this one involves an expired link on the target page.
Thanks to EdOverflow, for explaining this bug very beautifully in his blog post. Also, there is a beautiful tool to find broken links: Broken Link Checker
However, I found the vulnerability on my target.com without needing this tool. When I visited my target’s homepage I saw some social media links, and the first thing I did was “Open in New Tab”. All the other social media pages were active (working fine) except for the Instagram one. It showed “Sorry, this page isn’t available.” Refer to the screenshot below.
URL was: https://www.instagram.com/targetinsta123/
Now, from past experience I knew that on Instagram we can customize our username. Next, I created a new account on Instagram with the username “targetinsta123” (from the above URL). It was successfully created and I was able to take over the company’s Instagram page.
The impact of this issue is more reputational than monetary loss to the company. An attacker can post bad content in the name of the company. As the page is linked from the website, a legitimate user who clicks the link will be redirected to the attacker-controlled account.
In the end, I added the vulnerability to the pentest report and got appreciation from my teammates (well, as it wasn’t a bug bounty).
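A site owner can catch this condition on their own pages before anyone else does. The following is an added example, not code from the original post or from the Broken Link Checker tool: it pulls social-profile links out of a page's HTML and flags the ones whose profile returns HTTP 404. The host list, the function names and the "404 means the handle is unclaimed" rule are assumptions, and the sample page is constructed (only the Instagram URL comes from the post).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import urllib.request, urllib.error

# Assumption: platforms where the first path segment is a user-chosen handle.
CLAIMABLE_HOSTS = {"instagram.com", "twitter.com", "facebook.com", "github.com"}

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def profile_links(html):
    """Return (url, host, handle) for every <a> pointing at a claimable-handle platform."""
    parser = _Links()
    parser.feed(html)
    found = []
    for href in parser.hrefs:
        u = urlparse(href)
        host = (u.hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        handle = u.path.strip("/").split("/")[0]
        if u.scheme in ("http", "https") and host in CLAIMABLE_HOSTS and handle:
            found.append((href, host, handle))
    return found

def http_status(url, timeout=10):
    """Live check: HTTP status of the profile URL, or None if unreachable."""
    req = urllib.request.Request(url, headers={"User-Agent": "own-site-link-audit"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except urllib.error.URLError:
        return None

def dangling_profiles(html, status_of=http_status):
    """Links whose profile returns 404, i.e. the handle may be free to register."""
    return [(url, handle) for url, _, handle in profile_links(html)
            if status_of(url) == 404]

# Constructed sample page; only the Instagram URL comes from the post.
SAMPLE_HTML = """
<a href="/about">About</a>
<a href="https://www.instagram.com/targetinsta123/">Instagram</a>
<a href="https://twitter.com/targetexample">Twitter</a>
"""
```

Some platforms answer automated requests with a login wall or a 200 page even for a missing profile, so links that are not flagged still deserve a periodic manual click-through.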
See you next time!
Till then do connect with me on my social media given below.
Twitter: https://twitter.com/imayankraheja