After logging in to your Instagram account from a web browser you will have the option to "Save Your Login Info" , this endpoint [ https://www.instagram.com/accounts/onetap/?next=/ ] was exposed to an Open redirect bug in the "next" parameter , this lead to Bypass linkshim protection.
This flaw can be used in phishing attacks to get users to visit malicious WebSites within the application.
Encode TEST as a URL so it will be like this [ https%3A%2F%2F%3A%2F%2F%2Fwww.evilzone.org%2F ] .
Add TEST to the "next" parameter.
Go to this URL , and by pressing " Not Now ", or " Save Info " it will redirect to the desired site.
It will redirect to https://www.evilzone.org/ .