Getting any Facebook user's friend list and partial payment card details
Taking over Facebook accounts using Free Basics partner portal |
Hacking Facebook accounts using CSRF in Oculus-Facebook integration |
Stealing Facebook access_tokens using CSRF in device login flow |
Race conditions on the web |
The easiest bug bounties I have ever won |
Race conditions on Facebook, DigitalOcean and others (fixed) |
Reading local files from Facebook's server (fixed) |
Step-by-step: exploiting SQL injection(s) in Oculus' website. |
Facebook bug bounty: secondary damage (one report that leads to more bugs), fairness, and why I really like reporting to Facebook |
Facebook CSRF leading to full account takeover (fixed) |
SQL injections in Nokia sites. |
How I found my way into Instagram's Ganglia, and a bug with Facebook likes. |
Google.com cross site scripting and privilege escalation in Consumer Surveys |