Snapchat Vulnerability Could Allow Deleting Users’ Content Spotlight

A researcher highlighted a vulnerability in Snapchat that could allow a remote attacker to delete a target user’s Spotlight content. Snapchat patched the flaw following the bug report, rewarding the researcher with a hefty bounty.

Snapchat Vulnerability Deleting Content Spotlight

According to a bug report from Sahil Saxena, a severe vulnerability risked the security of Snapchat users’ Spotlight content. Saxena noticed that he could delete any target user’s Spotlight video remotely without requiring the user’s account credentials.

Spotlight is an attractive video feature that Snapchat offers for its content creators to maximize viewability. This feature also facilitates the creators in generating money, which means any vulnerabilities affecting it could also indirectly impact their income.

As described, the researcher observed the issue when intercepting Snapchat posts and attempting to delete a post. He noticed the issue with a specific parameter ID in the post delete request, which he could change to delete any other user’s Spotlight content.

Explaining the PoC, he stated,

In delete request there is parameter of id {"operationName":"DeleteStorySnaps","variables":{"ids":["███████"],"storyType":"SPOTLIGHT_STORY"},"query":"mutation DeleteStorySnaps($ids: [String!]!, $storyType: StoryType!) {\n deleteStorySnaps(ids: $ids, storyType: $storyType)\n}\n"}
You just have to change this id parameter. You can easily get the id parameter. Now forward the request after replacing id with someone’s else video id.

Alongside a privacy breach and damage to the victim’s content, such an exploit could also impact the user financially. That’s because deleted Spotlight content becomes ineligible for Snapchat’s crystal awards – the platform’s payment mode.

Snapchat Fixed The Bug

After discovering this vulnerability, the researcher reported the matter to Snapchat via their HackerOne bug bounty program. The platform officials triaged the bug promptly, assuring an internal review.

Then, within less than a week, Snapchat confirmed patching the vulnerability, which the researcher also tested and confirmed. He validated the fix, which returned an error upon trying to change the parameter ID and sending a request.

After holding the vulnerability report for some time to ensure further fixes, Snapchat has recently disclosed the bug report to the public.

Besides patching the vulnerability, Snapchat rewarded the researcher with a hefty $15,000 bounty.

Let us know your thoughts in the comments.

Related posts

NachoVPN Attack Risks Corporate VPN Clients

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites