Crash Instagram Bug (Android) using U+043E (Unpatched)
Instagram for android does not handle some CYRILLIC letters like U+043E: CYRILLIC SMALL LETTER O so if we create hostname using Cyrillic small letter о like the it could crash instagram:
http://gооgle.com/
copy above url and post this url in instagram profile or send it to user in chat.
To try this Goto my instagram https://instagram.com/rahulkankrale
and click on google.com
Instagram will get crashed with exception:
Video for proof of concept:
Using this bug malicious user could crash instagram live by sending this url to host.
I didn’t reported this as no security impact because of user interaction.
This post is licensed under CC BY 4.0 by the author.