Baibhav Anand Jha

$~# whoami
Baibhav Anand Jha
I do bug-bounties
I develop
I learn
I hack



Reply To Instagram Stories where privacy of who can reply is set to ‘Nobody’.

April 30 | 2 Minutes Read


Attacker was able to reply to Instagram stories where who can reply to the story privacy was set to ‘Nobody’ by popping up keyboard while on the story of which reply privacy is set to ‘Nobody’.

Steps of Reproduction

  1. Opened the story of the the account which has disabled replies.
  2. Send yourself a message on WhatsApp at the same time when viewing the story (basically opening keyboard while viewing the story).
  3. We will then get the reply option by clicking on the camera icon we can reply to the story.


Sunday, February 3, 2019 at 10:16 PM
Thursday, February 7, 2019 at 5:19 PM
Wednesday, February 13, 2019 at 7:29 PM
Wednesday, April 24, 2019 at 12:23 AM
Bounty Awarded ($500)
Tuesday, April 30, 2019 at 10:15 PM