![critical ops hack android critical ops hack android](https://i.ytimg.com/vi/JOqpmCbXXBM/maxresdefault.jpg)
The game is an accurate model of counter-strike that gives you an option to participate in hot and epic battles versus special forces.
CRITICAL OPS HACK ANDROID FULL
The impact was loud wide and around heterogeneous masses of Instagram Users.The gameplay is full of action and fight. In generic words, the malicious actor was able to forge thumbnails in any profile without any authorization or victim interaction. Meta team decided on this huge reward of $$$$$.
![critical ops hack android critical ops hack android](https://i.ytimg.com/vi/jHmEnaEWbg8/maxresdefault.jpg)
Thus considering the 0 Interaction and the final analysis of the impact by the meta security ops. Within the Triad of C-I-A, Integrity was violated and the Accessibility of the victim was totally disregarded by the actions of the attacker. To perform this attack, only the Media ID of the target user’s reel was required. This bug allowed malicious actor/s to change the thumbnail of any reels on Instagram. I immediately reported it to Meta Security Team. I was surprised as I did not expect such vulnerability in a subsidiary of a giant like META. and instead of my 1st account reels, the thumbnail of the second account changed. I tried again with my different account and replace clips_media_id with my 2nd account reels media id. To my surprise, the unauthorized testing reel to which a user shall have never control of its thumbnail was changed. Send this request to the repeater and then replaced my clips_media_id with the media_id of my testing reel and forwarded the request to the browser. Upload_id is id of the photo which I want to insert on my thumbnail. I intercepted all the HTTP requests using burp and after forwarding some requests I saw the following HTTP request. For testing, I changed my reel thumbnail. After spending some time with the target I came to the point where users can edit their reels cover photo (thumbnail). Initially, I tested on Instagram Ads GraphQL API but after long hunting, when I could not find any bug there I started hunting on the Instagram reels section. I started hunting on the Instagram app in December 2021. So How I Found This Bug - Storyline (without technicals) Using this vulnerability the attacker could have changed the reel thumbnails of any Instagram user by knowing clips_media_id(Media ID of reel) of that user. Hello everyone, I am Neeraj Sharma, a 20-year-old Security Enthusiast from India. How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook