A researcher highlighted a vulnerability in Snapchat that could allow a remote attacker to delete a target user’s Spotlight content. Snapchat patched the flaw following the bug report, rewarding the researcher with a hefty bounty.
Snapchat Vulnerability Deleting Content Spotlight
According to a from Sahil Saxena, a severe vulnerability risked the security of Snapchat users’ Spotlight content. Saxena noticed that he could delete any target user’s Spotlight video remotely without requiring the user’s account credentials.
Spotlight is an attractive video feature that Snapchat offers for its content creators to maximize viewability. This feature also facilitates the creators in generating money, which means any vulnerabilities affecting it could also indirectly impact their income.
As described, the researcher observed the issue when intercepting Snapchat posts and attempting to delete a post. He noticed the issue with a specific parameter ID in the post delete request, which he could change to Spotlight content.
Explaining the PoC, he stated,
In delete request there is parameter of id
{"operationName":"DeleteStorySnaps","variables":{"ids":["███████"],"storyType":"SPOTLIGHT_STORY"},"query":"mutation DeleteStorySnaps($ids: [String!]!, $storyType: StoryType!) {n deleteStorySnaps(ids: $ids, storyType: $storyType)n}n"}
You just have to change this id parameter. You can easily get the id parameter. Now forward the request after replacing id with someone’s else video id.
Alongside a privacy breach and damage to the victim’s content, such an exploit could also impact the user financially. That’s because deleted Spotlight content becomes ineligible for Snapchat’s crystal awards – the platform’s payment mode.
Snapchat Fixed The Bug
After discovering this vulnerability, the researcher reported the matter to Snapchat via their HackerOne bug bounty program. The platform officials triaged the bug promptly, assuring an internal review.
Then, within less than a week, Snapchat confirmed patching the vulnerability, which the researcher also tested and confirmed. He validated the fix, which returned an error upon trying to change the parameter ID and sending a request.
After holding the vulnerability report for some time to ensure further fixes, Snapchat has recently disclosed the bug report to the public.
Besides patching the vulnerability, Snapchat rewarded the researcher with a hefty $15,000 bounty.
Let us know your thoughts in the comments.
