An attacker was able to change comment keyword filter on behalf of other users on Instagram.com by exploiting CSRF vulnerability .but after reporting this vulnerability the internal research of…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

An attacker found a CSRF vulnerability in Instagram that allowed changing comment keyword filters on behalf of other users. After reporting, Facebook's internal research identified additional vulnerable endpoints, potentially leading to account takeover. The initial vulnerability involved the lack of CSRF token and Origin checks in a specific POST request.

CSRF in Instagram