I am able to see user’s sensitive data through JSON file.
Global grant uri in Android 8.0-9.0 (2018 year)
Case Study I - Browser Anomaly with Facebook Apps -1500$
Bypassing Message Request inbox
Become member of close & public group
Change any link at https://fbwat.ch/
Easy bounties with subdomain discovery - Using Project Sonar for bug bounty
Change the profanity filter for any Facebook page
A tale of verbose error message and a JWT token
Private Dashboards were accessible by other Admins in Analytics Dashboard
Ok Google! bypass ‘flag_secure’
Private giant chat app – Send message to victim while sender blocked
Messenger Rooms Bug Bounty Write-up
Hiding ourself in close friend’s list and avoiding victim to remove us from his close friend’s list.
How was i able to find privilege escalation.
Restriction is not a promise : Privilege escalation on Google.
Generate valid signatures for FBCDN urls
Generate valid signatures for files hosted in Facebook CDNs
SQL Injection Via Stopping the redirection to a login page
Account Hijack using Authorization bypass $$$$
Page Admin Disclosure via an Upgraded Page Post
Hunting Tesla Model Y Secrets in the Parts Catalog
Hijacking shared report links in Google Data Studio
Tumblr Bug Bounty ( $200)
User Account Takeover via Signup Feature | Bug Bounty POC