- OTP token leaked via short links for example: "http://ig.me" is used for Instagram to login/reset passwords, where I was able to login into many Instagram accounts. it's batter to use http://urlscan.io to find new/valid URLs POC: https://urlscan.io/s...
- Obviously, I wouldn’t click the link to reset anyway, but unshortening the link shows it going to Instagram directly…just seems a bit odd.
- Http://M.Vk.Com/deputatBOMZh?act=contacts #вКонтактыВсеМоиПочти.