Open redirect in Instagram.com |
|
|
|
XSS in Facebook CDN due to improper filtering of uploaded file extensions
|
|
|
Access files uploaded by employees to internal CDNs / Regenerate URL signature of user-uploaded content
|
|
|
Delete linked payments accounts of a Facebook page (or user) |
|
|
|
Leak of internal categorySets names and employees test accounts. |
|
|
|
URLs in img tags aren't passed through safe_image.php, which leads to exposure of Facebook users' IPs
|
|
|
Expose the email address of Workplace users |
|
|
|
XSS on forums.oculusvr.com leads to Oculus and Facebook account takeovers |
|
|
|
Bad regex used in Facebook JavaScript SDK leads to account takeovers on websites that included it
|
|
|
Facebook DOM-based XSS using postMessage
|
|
|
Disclose content of internal Facebook JavaScript modules (Revisited)
|
|
|
Admin disclosure of Facebook verified pages / Disclose Facebook employee assigned to help a verified page
|
|
|
Disclose internal files related to testing of some Facebook tools |
|
|
|
Disclose the Instagram account linked to a Facebook user account or page |
|
|
|
Internal directory enumeration in www
|
|
|
Privilege escalation in Partners Portal to Admin access |
|
|
|
Add draft subtitles to any Facebook video and Full Path Disclosure |
|
|
|
Exposure of Facebook object type by knowing the object ID |
|
|
|
Ability to brute-force an Instagram account's password due to missing rate limiting
|
|
|
Generate valid signatures for files hosted in Facebook CDNs |
|
|
|
Facebook CSRF bug that leads to Instagram partial account takeover
|
|
|
Cross-Site WebSocket Hijacking bug in Facebook that leads to account takeover
|
|
|
Reflected XSS in graph.facebook.com leads to account takeover in IE/Edge |
|
|
|
HTML to PDF converter bug leads to RCE on a Facebook server
|
|
|
Access the portal of Facebook mobile retailers and see earnings and referral reports
|
|
|