writeups.xyz writeups.xyz / Meta / Facebook

Title Vulnerabilities Programs Authors
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
500$ From Meta by reporting a HTMLi(Accidental Bug)
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
Bypassing Account Suspension Using Anonymous Posting | Facebook Bug Bounty
Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140)
Add comment on a private Oculus Developer support
Break saved option for other users in facebook – From N/A to valid bug
Disclose latest stream video asset earnings for any gaming streamer page
Disclose private mockups for other users in facebook Creative Hub
How I found a simple bug in Facebook events without any Test
Persistent Distorted Posts Issue and Unremovable Content in Facebook Group
Send messages through notification to facebook & workplace users without getting blocked
Sign up for Brand Collabs Manager on behalf of other page admins – Privilege Escalation
How I found RXSS in Facebook, Twitter and Google training academy
Unauthorized Disclosure of Video Thumbnails in Facebook Workplace
Playing With Fire – How We Executed A Critical Supply Chain Attack On Pytorch
OAuth 2.0 Redirect URI Validation Falls Short, Literally
How I could view any Facebook Groups Notes media, and they paid me a $10,000
Bypassing Link Sharing Protection in Messenger Kids Parent’s Control Feature | Meta Bug Bounty
Facebook Creator Studio Misconfiguration $$$$
Accessing to Data Sources of any Facebook Business account via IDOR in GraphQL
Facebook bug: A Journey from Code Execution to S3 Data Leak
Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation
Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing
DOM-XSS in Instant Games due to improper verification of supplied URLs