Back to directory
WRITEUP #3749

One-click reflected XSS in www.instagram.com due to unfiltered URI schemes leads to account takeover

XSSReflected XSSAccount takeover
by@samm0uda(Youssef Sammouda)
Bounty
9,600
Program
Meta / Facebook
Published
May 13, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://ysamm.com/?p=695
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSSSelf-XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass

Built with ❤️ by Shubham Rawat