| Instagram App Access Token |
|
|
|
| Bypass video capture limit on Ray-Ban Stories |
|
|
|
| Access to CrowdTangle Deletion Framework API |
|
|
|
| View the country of a private Instagram User |
|
|
|
| Missing permission check for Facebook gaming community invites |
|
|
|
| Bulletin.com email address leak |
|
|
|
| Download Facebook internal mobile builds |
|
|
|
| Leaked Credentials gives access to internalfb.com |
|
|
|
| See whether a Hackercup Facebook participant allows recruitment contact |
|
|
|
| Change any link at https://fbwat.ch/ |
|
|
|
| Change the profanity filter for any Facebook page |
|
|
|
| Generate valid signatures for FBCDN urls |
|
|
|
| Disclose the owner of a recruiting manager in Jobs Beta |
|
|
|
| View the ranked messenger users for any page |
|
|
|
| 1-800-Flowers Credentials and message log leak via facebook.com/facebook |
|
|
|
| Business ID leak via Creative Hub redirect |
|
|
|
| Add users to roles on Facebook pages without an invitation consent |
|
|
|
| Facebook employee internal tool and conversations leaked in Facebook video |
|
|
|
| Subscribe to the list of requesters to join a Facebook live video using MQTT |
|
|
|
| Create living room polls as a Facebook page analyst |
|
|
|
| Removing profile pictures for any Facebook user |
|
|
|
| Add users to roles on Facebook pages without an invitation consent (revisited) |
|
|
|
| Subscribe to typing notifications for any Instagram user |
|
|
|
| Get Page Inbox notifications for any Facebook page |
|
|
|
| View Facebook payouts for any Facebook Trivia Game |
|
|
|
writeups.xyz
/
Philippe Harewood (@Phwd)