Instagram hacked: completely….

Wesley Wineberg, an independent security researcher who participated in the program of , managed to breach Instagram's defenses and gain almost complete control of the service. When the researcher disclosed the vulnerability to Facebook, the company threatened to sue him rather than pay his fee.

Wineberg began his research on Instagram's systems after a friend advised him that sensu.instagram.com provides access to the Instagram management panel.

The researcher identified the software used by the management panel (Sensu-Admin) and, drawing on earlier research stating that the software may be vulnerable to RCE (remote code execution), managed to access one of the configuration files containing the Sensu credentials associated with a PostgreSQL database.

In this database, Wineberg discovered over 60 Instagram and Facebook accounts. The passwords were hashed with bcrypt, but this did not prevent him from cracking some that were very easy (changeme, Instagram, password).

So he was soon able to log in to the Sensu environment.

Wineberg, however, did not stop there. In the configuration files he discovered an access key to an (AWS Amazon Web Services), which is used to access various S3 (data storage units).
He also discovered Instagram's SSL certificates, the and other APIs used to interact with other services, user photos, and the static content of the Instagram.com website.
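
bcrypt slows down each guess, but it cannot protect a password that is among the first guesses tried, which is why the three passwords listed above fell. The following is an added example (not from the original article or from any Instagram code) of a check run when a password is set that refuses such choices; the denylist, context words and minimum length are assumptions constructed for the illustration.

```python
import re
import unicodedata

MIN_LENGTH = 12  # assumed policy value for this example

# Constructed denylist; a real deployment would load a large
# breached-password corpus instead of this short set.
COMMON_PASSWORDS = {"changeme", "password", "letmein", "admin", "welcome", "qwerty", "123456"}

# Assumed context words: names of the service and organisation being protected.
CONTEXT_WORDS = ("instagram", "facebook", "sensu")

# Common character substitutions, undone before comparison.
LEET = str.maketrans("013457@$!", "oleastasi")


def candidate_forms(password):
    """Return the normalized variants of a password that are compared to the lists."""
    lowered = unicodedata.normalize("NFKC", password).lower()
    # Drop digits and punctuation padded onto either end ("password123", "!admin!").
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def rejection_reason(password, context_words=CONTEXT_WORDS):
    """Return why a password is refused, or None when it is acceptable."""
    forms = candidate_forms(password)
    if forms & COMMON_PASSWORDS:
        return "common password"
    for word in context_words:
        if any(word.lower() in form for form in forms):
            return "contains context word"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None


if __name__ == "__main__":
    # Constructed sample inputs: the three cracked passwords plus variants.
    samples = ["changeme", "Instagram", "password", "P@ssw0rd!",
               "Instagram2015", "x9$k", "correct horse battery staple"]
    for sample in samples:
        print(f"{sample!r}: {rejection_reason(sample) or 'accepted'}")
```
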

http://exfiltrated.com/research-Ιnstagram-RCE.php

Written by giorgos