Reply To Instagram Stories where privacy of who can reply is set to ‘Nobody’. (Part 2)
October 21 | 2 Minutes Read
Description
An attacker was able to reply to Instagram stories whose "who can reply" privacy setting was set to ‘Nobody’. This is a bypass of my previous report.
Steps of Reproduction
Step 1: Open the story of an Instagram account that appears before the story of the victim account (as shown in the attached POC video).
Step 2: While watching the story of the account that appears before the victim’s account, get the keyboard to pop up somehow; this can be done in many ways. (In the POC I have used a 3rd-party app to manually pop up the keyboard.)
Step 3: Let the Instagram story of the victim load.
Step 4: Boom! A reply option is now shown; by selecting the image option from it, we can reply to the story.
Timeline
- Reported: Monday, May 20, 2019 at 5:42 PM
- Pre-triaged: Saturday, May 25, 2019 at 2:27 AM
- Triaged: Friday, June 7, 2019 at 7:25 PM
- Fixed: Thursday, October 3, 2019 at 7:41 PM
- Bounty Awarded ($1000): Monday, October 21, 2019 at 4:00 PM