| Toggle Group Rules Agreement as a non-member |
|
|
|
| Download .arexport files for any public AR Studio Effect |
|
|
|
| Instagram GitHub Token with public_scope found In Travis CI Build Logs |
|
|
|
| Determine a Facebook user from an email address |
|
|
|
| Facebook Marketing Confidential Call Transcript |
|
|
|
| CVE-2018-16794 on fs.thefacebook.com |
|
|
|
| View the contact list for a Messenger Kid as a parent-approved contact |
|
|
|
| Disclose Page Admins via Gaming Dashboard Bans |
|
|
|
| Facebook Business Takeover |
|
|
|
| View the bug subscriptions for any Oculus User |
|
|
|
| Facebook GraphQL CSRF |
|
|
|
| Facebook stories disclose Facebook friend list |
|
|
|
| Find Mingle Suggestions for any Facebook User (Revisited) |
|
|
|
| Rewriting a photo not owned by the session user in Moments App (Revisited) |
|
|
|
| Facebook Bug Bounty: secondary damage (revisited) why I really like reporting to Facebook too :) |
|
|
|
writeups.xyz
/
Philippe Harewood (@Phwd)