
Report #19136

Report Date: April 13, 2023

Status: Closed

Payout

Official Instagram link broken and taken over

Report Info

Report ID: #19136

Target

Report type: Websites and Applications

Impacts: Persistent content spoofing / text injection issues

Has PoC? Yes

Description

Hello team,

While conducting my testing at https://app.bean.money and checking the docs at https://docs.bean.money/almanac/community/links, I found that the official Instagram link provided in the community links section is broken. When clicking on the link, it redirects to an error page indicating that the page could not be found.

Impact

This bug affects the user interaction on the platform as it leads users to a phishing website instead of the official Instagram page. This could result in users unknowingly giving away sensitive information or falling victim to scams.

Recommendation

To fix this issue, the official Instagram link on the Bean.money Docs page needs to be updated or corrected. The correct link should be tested and verified to ensure that it works properly. Once the correct link is determined, it should be updated on the website as soon as possible. Additionally, regular checks should be conducted to ensure that all links on the website are working properly, and any broken links should be promptly corrected.

Steps to Reproduce:

2. Click on the Instagram link. It will redirect to https://www.instagram.com/beanstalkprotocol/

You will see the takeover message "Takeover PoC @Example".

Please see the attached takeover PoC.

Let me know if you want further information.

BIC Response

This submission is related to an out-of-scope asset. We appreciate the note, but only bugs on the Beanstalk UI are in scope for Website and Applications. Because of this, it is not eligible for a reward.