writeups.xyz / Meta / Facebook

Missing permission check for Facebook gaming community invites
Facebook Vulnerability: Expose Group Member — $3000
Not valid bug that leads to us a multiple Valid Report in Facebook
How I Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools
Facebook Vulnerability: $1500 for Removing Document Cover
Facebook Email/phone disclosure using Binary search
View Other User Private Livestream Data
Bulletin.com email address leak
Disclose unconfirmed email/phone of a Facebook user
Oversightboard.com site-wide CSRF due to missing checking
User’s location disclosure in the “Nearby Friends” feature. $15,500 Bounty
How I could have accessed all your private videos/photos saved inside your device without even unlocking it?
Disclose leads form details of any Facebook Business Account or Facebook Page (Bug Bounty)
CSRF from which we can create a support ticket in Victim’s Account (500$)
Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device (500$)
Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps
Third-Party Apps were still getting your private Facebook data even after their access expiry.
Writeups: Facebook Whitehat program(2021): Instagram Live setting bug
One-click reflected XSS in www.instagram.com due to unfiltered URI schemes leads to account takeover
Simple logical Bug turned into a bounty
Workplace by Facebook | Unauthorized access to companies environment — $27,5k
Identify a Facebook user by his phone number despite privacy settings set
Account takeover of Instagram accounts due to unrestricted permissions of third-party application’s generated tokens
Facebook account takeover due to unsafe redirects after the OAuth flow
Page Owners Can’t remove or change page roles of deactivated users (or if Attacker blocks the page owner) in Facebook Lite, Facebook for Android and touch.facebook.com