Instagram Google Chrome Cache Overflow

2020.02.28
Gaddar (TR)
Risk: Low
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

Description : Instagram memory overflow error vulnerability.

Author : Gaddar
Team : SiyahBayrak

PoC:
- Open Chrome and press "F12".
- Select the mobile version.
- Reload the Instagram page.
- Inject the payload.

Inject :

window.onerror = function(message, url, line, column, error)

Overflow :

window.__bufferedErrors = [];
window.onerror = function(message, url, line, column, error) {
  // Every error is appended to the array; nothing ever trims it.
  window.__bufferedErrors.push({
    message: message,
    url: url,
    line: line,
    column: column,
    error: error
  });
};

Screenshot : https://ibb.co/Y2X13D8

Request Code :

:authority: www.instagram.com
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
cache-control: max-age=0
cookie: ig_did=19F64EE8-A01C-47BD-AF17-ED74DD3823DC; mid=XhNbngALAAFWUMM_czV9avciPM7e; fbm_124024574287414=base_domain=.instagram.com; shbid=159; ig_cb=1; csrftoken=Mo6Fgbjn1KbqS0UjXosjExNgHFjO8zfF; ds_user_id=6346321592; sessionid=6346321592%3APAqsDukHOO1ta6%3A27; shbts=1582839117.6510594; ig_direct_region_hint=FRC; rur=FTW; urlgen="{\"176.217.73.37\": 8386}:1j7enr:ohTs4sDzFlUIYYGd2Lt4NbChIE8"
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Mobile Safari/537.36

My social accounts : Instagram.com/pt.php Facebook.com/ptsec Twitter.com/ptguvenlik Youtube.com/c/gaddarsec

My Teammates : DeadLy-Warrior - StabilBey - Diablo

References:

https://ibb.co/Y2X13D8
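
The handler quoted in the advisory appends every error to window.__bufferedErrors with no upper bound. As an added example (not code from the advisory or from Instagram), one way to keep such an error buffer bounded; createBoundedErrorBuffer, maxEntries and the truncation lengths are hypothetical choices.

```javascript
// Added example: a bounded replacement for an unbounded onerror buffer.
// createBoundedErrorBuffer and maxEntries are hypothetical names.
function createBoundedErrorBuffer(maxEntries) {
  const entries = []; // oldest first, never longer than maxEntries
  let dropped = 0;    // entries evicted to honour the cap

  function handler(message, url, line, column, error) {
    // Store only strings and numbers: keeping the Error object itself
    // would pin its stack and anything it references in memory.
    const entry = {
      message: String(message).slice(0, 512),
      url: String(url || '').slice(0, 512),
      line: Number(line) || 0,
      column: Number(column) || 0,
      stack: error && error.stack ? String(error.stack).slice(0, 2048) : null,
    };
    const last = entries[entries.length - 1];
    // Collapse a repeat of the previous error into a counter, so an
    // error raised in a loop costs one entry instead of thousands.
    if (last && last.message === entry.message && last.url === entry.url &&
        last.line === entry.line && last.column === entry.column) {
      last.count += 1;
      return false;
    }
    entry.count = 1;
    entries.push(entry);
    if (entries.length > maxEntries) {
      entries.shift(); // evict the oldest entry
      dropped += 1;
    }
    return false; // leave the browser's default error reporting in place
  }

  return { handler, entries, stats: () => ({ size: entries.length, dropped }) };
}

// Browser wiring; skipped when no window object exists (e.g. Node.js).
if (typeof window !== 'undefined') {
  const buf = createBoundedErrorBuffer(50);
  window.__bufferedErrors = buf.entries;
  window.onerror = buf.handler;
}
```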


Copyright 2024, cxsecurity.com

 
