| Access Twitter blue features using deeplink without a subscription. |
|
|
|
| Instagram vulnerability : Turn off all type of message requests using deeplink (Android) |
|
|
|
| Facebook android vulnerability: Launching internal/tighten deeplink onbehalf of user |
|
|
|
| Facebook android webview vulnerability : Execute arbitrary javascript (xss) and load arbitrary website |
|
|
|
| [IDOR] add or remove the linked publications from Author Publisher settings — Facebook Bug Bounty |
|
|
|
| Facebook Messenger for android indirect thread deletion vulnerability. |
|
|
|
| Google Photos : Theft of Database & Arbitrary Files Android Vulnerability |
|
|
|
| Sending ephemeral message to any Facebook user |
|
|
|
| Launching Internal & Non-Exported Deeplinks On Facebook |
|
|
|
| Facebook: Linkshim protection bypass using fb://webview |
|
|
|
| Facebook iOS address bar spoofing |
|
|
|
| Facebook Page Admin Disclosure |
|
|
|
| Perform substring search for emails even if Workplace admin hides email profile field. |
|
|
|
| SVE-2020-18025: Unauthorised access to Samsung secure folder files |
|
|
|
| Android : SOP Bypass to steal system files. |
|
|
|
| FB & Messenger for iOS : Address Bar spoofing using data uri |
|
|
|
| Private giant chat app – Send message to victim while sender blocked |
|
|
|
| From NA to $3000 : Facebook’s URL spoofing vulnerability |
|
|
|
| DoS on Facebook Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE. |
|
|
|
| Whatsapp user’s IP disclosure with Link Preview feature |
|
|
|
| Facebook mailto injection leads to social engineering & spam attack |
|
|
|
writeups.xyz
/
Rahul Kankrale (@RahulKankrale)