writeups.xyz / Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs

Submitter : c2a

Date: 21 November 2022

Bounty : 3,000

Vulnerabilities :

• GraphQL
• Security Misconfiguration

Programs :

• Meta / Facebook

Authors :

• David Schütz (@Xdavidhu)

Link :
https://feed.bugs.xdavidhu.me/bugs/0017