24 点作者 derpenxyne超过 12 年前

3 条评论

kmf超过 12 年前

Trying to recreate this using Paros as a mitmproxy on Mac, looks like Instagram has blocked any kind of logging in/profile editing (the two vulnerabilities mentioned in the article) while on a proxy. No dice. Quick response by their team though.<p>Edit: That's not to say a MITM couldn't happen without the vulnerable user being on a proxy. Just trying to recreate it isn't working.

评论 #4867468 未加载

评论 #4866962 未加载

评论 #4867001 未加载

stusmall超过 12 年前

Has anyone tested this for the Android version?

alpb超过 12 年前

Instagram uses POST method do actually issue a "delete" photo request on their API. Just wanted to say this is a bad REST API practice.<p><a href="http://reventlov.com/advisories/instagram-plaintext-media-disclosure-issue" rel="nofollow">http://reventlov.com/advisories/instagram-plaintext-media-di...</a>

评论 #4866988 未加载

评论 #4866956 未加载

评论 #4866916 未加载

Instagram vulnerability on iPhone allows for account takeover

3 条评论

Instagram vulnerability on iPhone allows for account takeover

3 条评论