Account Takeover in Canvas Apps served in Comet due to a failure in cross-window message origin validation
|
|
|
Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing |
|
|
|
DOM-XSS in Instant Games due to improper verification of supplied URLs |
|
|
|
Multiple bugs chained to take over Facebook accounts which use Gmail
|
|
|
More secure Facebook Canvas Part 2: More Account Takeovers |
|
|
|
Multiple bugs allowed malicious Android applications to take over Facebook/Workplace accounts
|
|
|
More secure Facebook Canvas: Tale of $126k worth of bugs that led to Facebook Account Takeovers
|
|
|
Disclose unconfirmed email/phone of a Facebook user |
|
|
|
Oversightboard.com site-wide CSRF due to a missing check
|
|
|
Oculus SSO “Account Linking” bug leads to account takeover on third-party websites and inside VR games/apps
|
|
|
One-click reflected XSS in www.instagram.com due to unfiltered URI schemes leads to account takeover |
|
|
|
Identify a Facebook user by phone number despite privacy settings that should prevent it
|
|
|
Account takeover of Instagram accounts due to unrestricted permissions of third-party application’s generated tokens |
|
|
|
Facebook account takeover due to unsafe redirects after the OAuth flow |
|
|
|
Facebook account takeover due to a bypass of allowed callback URLs in the OAuth flow |
|
|
|
Facebook account takeover due to a platform-wide bug in ajaxpipe responses
|
|
|
Ability to find Facebook employees’ test accounts, which leads to the disclosure of internal information
|
|
|
Access private information about SparkAR effect owners who have a publicly viewable portfolio
|
|
|
Confirm whether an invitation was sent to a specific email in Partners Portal / Possibility of resending the invitation
|
|
|
Disclose internal CMS objects content |
|
|
|
Enumerate internal cached URLs which lead to data exposure |
|
|
|
Expose Facebook object type (including private objects) |
|
|
|
Expose information about Partner accounts in Partner portal |
|
|
|
Leaking Facebook user information to external websites / Setting some cookie values
|
|
|
Make recruiting referrals on behalf of employees |
|
|
|