| Abusing Facebook’s feature for a permanent account confusion(logic vulnerability) |
|
|
|
| Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web |
|
|
|
| Multiple bugs chained to takeover Facebook Accounts which uses Gmail. |
|
|
|
| Remotely permanent crash any Instagram user via permanent DoS in user DM's. |
|
|
|
| Page Admin Disclosure when Posting a Reel |
|
|
|
| Contact Point Deanonymization Vulnerability in Meta |
|
|
|
| Privacy Disclosure on Facebook Lite after Creating a Post |
|
|
|
| Meta's SparkAR RCE Via ZIP Path Traversal |
|
|
|
| Spoof as another Facebook user to report an impostor account |
|
|
|
| View Friends List of any users using “View as” | Facebook Bug bounty |
|
|
|
| Demographic Misconfiguration on Facebook live |
|
|
|
| WhatsApp Bug Bounty: Bypassing biometric authentication using voip |
|
|
|
| 4300$ Instagram IDOR Bug (2022) |
|
|
|
| Bypassing default visibility for newly-added email in Facebook(Part I - Submitting I.D) |
|
|
|
| Instagram App Access Token |
|
|
|
| How I could’ve bypassed the 2FA security of Instagram once again? |
|
|
|
| Trim private live videos and access them (Meta bug bounty) |
|
|
|
| Facebook Oauth bypass |
|
|
|
| Abusing Facebooks `Call To Action` To Launch Internal Deeplinks |
|
|
|
| Missing rate-limiting. How I was able to add any unowned phone number to my Facebook account? (Bounty: 5000 USD) |
|
|
|
| FB Lite All Users Active Status Changed |
|
|
|
| How I was able to spoof any Instagram username on Instagram shop |
|
|
|
| Facebook android webview vulnerability : Execute arbitrary javascript (xss) and load arbitrary website |
|
|
|
| WhatsApp for Android Retains Deleted Contacts Locally |
|
|
|
| [IDOR] add or remove the linked publications from Author Publisher settings — Facebook Bug Bounty |
|
|
|
writeups.xyz
/
Meta / Facebook