Official Instagram link broken and taken over
Report ID
#19136
Target
Report type
Websites and Applications
Impacts
Persistent content spoofing / text injection issues
Has PoC?
Yes
Description
Hello team,
While conducting my testing at https://app.bean.money and checking the docs at https://docs.bean.money/almanac/community/links, I found that the official Instagram link provided in the community links section is broken. When clicking on the link, it redirects to an error page indicating that the page could not be found.
Impact
This bug affects the user interaction on the platform as it leads users to a phishing website instead of the official Instagram page. This could result in users unknowingly giving away sensitive information or falling victim to scams.
Recommendation
To fix this issue, the official Instagram link on the Bean.money Docs page needs to be updated or corrected. The correct link should be tested and verified to ensure that it works properly. Once the correct link is determined, it should be updated on the website as soon as possible. Additionally, regular checks should be conducted to ensure that all links on the website are working properly, and any broken links should be promptly corrected.
Steps to Reproduce :
2.Click on the instagram link .It will redirect to https://www.instagram.com/beanstalkprotocol/
You will see the takeover message "Takeover PoC @Example"
Please see the attached takeover PoC
Let me know if you want further information
BIC Response
This submission is related to an out of scope asset. We appreciate the note, but only bugs on the Beanstalk UI are in scope for Website and Applications. Because of this it not eligible for a reward.