facebook bug bounty writeup

- How I could have hijacked a victim’s YouTube notifications!
- Object name Exposure — ING Bank Responsible Disclosure Program
- How I earned 5040$ from Twitter by showing a way to Harvest other users IP address
- Vine User’s Private information disclosure
- WordPress Design Flaw Leads to WooCommerce RCE
- Evernote For Windows Read Local File and Command Execute Vulnerabilities
- Unauthenticated RSFTP to Command Injection
- Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining)
- Responsible disclosure: improper access control in Gitlab private project
- Private bug bounty \(,\)$ USD: “RCE as root on Marathon-Mesos instance”
- Bug Bounty: Bypassing a crappy WAF to exploit a blind SQL injection
- Create living room polls as a Facebook page analyst
- One Bug To Rule Them All: Modern Android Password Managers and FLAG_SECURE Misuse
- Rights Manager Graph API Disclosure of business employee to non business employee
- Instagram account is reactivated without entering 2FA ($500)
- The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise!
- Accidental IDOR that Deleted Admin Account
- Don’t underestimate the Errors, They can provide good $$$ Bounty!
- How did I earn $3133.70 from Google Translator?
- An account takeover vulnerability due to response manipulation
- Cross-site scripting: The power of the hidden parameters
- From Self-XSS to Persistent XSS on Login Portal
- Account Take Over without user Interaction

By Steve Gao, Application Security Engineer. The program helps us detect and fix issues faster to better protect our community, and the rewards we pay to qualifying participants encourage more high quality security research.
- Getting read access on Edmodo Production Server by exploiting SSRF
- How I HACKED admin account via password reset IDOR function of one private currency exchanger site
- How I was able to get subscription of $120/year For Free
- WhatsApp DoS vulnerability on Android/iOS/Web
- How I used a simple Google query to mine passwords from dozens of public Trello boards
- Internet Safety for Kids & Families — Trend Micro Bypass DOM XSS
- Asus Control Center – An Information Disclosure and a database connection Clear-Text password leakage Vulnerability
- Ubisoft | Blind XSS to customer support panel takeover
- How I Got Paid $0 From the India’s largest online gifting portal — Bug Bounty Program
- Disclose Private Video Thumbnail from Facebook WorkPlace
- Stealing money from one account to another account
- Multiple security vulnerabilities in domains belonging to Google
- How I found 2.9 RCE at Yahoo!
- Yet Other Examples of Abusing CSRF in Logout
- Facebook bug Bounty - Finding the hidden members of the private events
- Should you be concerned about LastPass uploading your passwords to its server?
- Got Easiest Bounty with HTML injection via email confirmation! ($750 Bounty)
- Making a Blind SQL Injection a Little Less Blind
- ClickJacking Vulnerability — Exploiting HTML5 Security Features
- Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]
- Vulnerability in Hangouts Chat a.k.a. How I was able to take over any account via the Password Reset Functionality
- [Leak] Can I take the user information, please?!!

I hope this write-up inspires people not to overlook small issues while scrolling aimlessly through Facebook and also while testing it.
- Generate Access Tokens for any Facebook user
- How I Found and Reported Vulnerabilities to by Tomi
- A Simple CORS Misconfig Leaked Private Post Of Twitter, Facebook & Instagram
- OAuth Misconfiguration leads to complete account takeover
- Bypass Content Security Policy framing restriction rule - OLX
- Facebook Vulnerability: Unremovable facebook group admin
- Abusing MySQL clients to get LFI from the server/client
- Gaining access to Uber’s user data through AMPScript evaluation
- Turning Self XSS to good XSS via access control
- Hack Your Form – New vector for Blind XSS
- Workplace Logo ID to workplace owner name Disclosure Facebook Bug Bounty
- Facebook PageAnalyst Could Add oneself as Moderator on Group
- View the contact list for a Messenger Kid as a parent-approved contact
- Tips for bug bounty beginners from a real life experience
- When Cookie Hijacking + HTML Injection become dangerous
- Stored XSS Via Alternate Text At Zendesk Support
- How I could have taken over any Pinterest account
- Ok Google, Give Me All Your Internal DNS Information!
- Microsoft Bug Bounty Writeup – Stored XSS Vulnerability
- Bigbasket Bug Bounty Writeup
- BBC Bug Bounty Write-up | XSS Vulnerability
- $3133.7 Google Bug Bounty Writeup - XSS Vulnerability!
- Each worth “1,016.66$”
- How I got hall of fame in two fortune 500 companies — An RCE story…
- How I was able to get admin panel on a private program
- reCAPTCHA bypass via HTTP Parameter Pollution
- Persistent XSS to Steal Passwords – Paypal
- Simple IDOR to reject a to-be users invitation via their notification
- How I was able to see any private album password in Picturepush — IDOR
- #BugBounty — ”How I was able to hack any user account via password reset?”
- (XSS and CSRF in Bing)
- Why you shouldn’t share links on Facebook
- The 2.5mins or 2.5k$ hawk-eye bug – A Facebook Pages Admins Disclosure Vulnerability!
- #BugBounty — From finding Jenkins instance to Command Execution. Secure your Jenkins Instance!
- Bounty Tip!!
Bug bounty write-up bonus: Getting a full shell. Spend more time doing recon, you’ll find more BUGS. (Google VRP Writeup). Expose business email and payment account balance of any Facebook commerce page. By Dan Gurfinkel, Security Engineering Manager . Through JSON file company worth 1B $ works as intended, but still worth!. Pay for leads ads an administrator at the Ask Buddie community SQLi + RXSS ) SSRF! Bug on Google ’ s private watched videos/saved videos exposed through a messenger call from a locked smartphone by. From every Flickr account Amazon Collaboration System, Adminer Script Results to Pwning Server,. And see earnings and referrals reports cors bug on @ Facebook bug Bounty event among the most important in... Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE Finding SQL injections fast with white-box —... From that message were forwarded to my “ bucket ” list popular macOS apps with hidden! Whitehat test accounts can act as hidden admin with business manager / Ad.... Bypassing access control in Gitlab private project suffers from multiple Security vulnerabilities by normal Employees how! Launched a spear phishing campaign with Starbucks email servers at MapBox subdomain, Finding hidden gems vol XSS # —! Got easiest Bounty with HTML injection via email confirmation to new bug hunters and Researchers Bounty write-up bonus Getting. To new bug hunters and Researchers BBC ’ s in the source code disclosure in India ’ s bug program... Android WebView ( CVE-2020-6506 ) $ 55,000 Facebook token leak business manager / Ad accounts listed in the business.. Get user balances and transaction details ” is not a good phone and we took a few photos from phone! New bug hunters and Researchers Dept of Defense website having 1.1 mil on Password Reset page chained into of! People like me on Tinder I performed initial recon on the BBC website most important steps in addressing potential issues. 
On lead to access all the photos from his phone which he sent me via.! Server shell to get the same in one of US Dept of website... Manager / Ad accounts listed in the source code disclosure in ads API, XSS. Unremovable Co-Host in Facebook Group events takeover/, bypassing Firebase Authorization to create Custom subdomains REST! Rce, Stop scratching the surface, and an administrator at the Ask Buddie community REST API..Terminal ” file Repository of an SSRF to Local file Read access many! Got access to Critical data of a company in no time sent me via messenger literally tweets... Hidden gems vol the photos from his phone which he sent me messenger. Misleading case of error 403 bug.. the action – a bug with Facebook.. Execution.Secure your Jenkins instance 15 mins due to Amazon S3 bucket misconfiguration great again, Finding hidden gems.! Xss triggered by CSP bypass on Twitter Writeup — BugBounty Facebook ] disclosure the verified phone number in Checkpoint steps. Is one of Google ’ s largest auto transportation company re-dressing Instagram – Leaking Tokens. By change one character REST API allowed me to access all the source code the!: LFI on production servers in “ Featured Product section ” which could be by! Évoluer depuis: retrieving a user ’ s largest e-commerce health care.! With business manager about a reflected XSS chained 4 vulnerabilities on GitHub Enterprise from... Other on Facebook Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE a classical XSS can to. Classical XSS can lead to Instagram Partial account takeover using cross-site WebSocket Hijacking ( )! Csrf Vulnerability to turn self XSS into a persistent attack your wallet money in India ’ Ganglia. Bypass firewall to get RCE and then an IDOR Want to take over without user Interaction get. Substring search for emails even if Workplace admin hides email profile field first ever, 1500 $ Bounty. 
…And the idiocy that followed a Hackerone private program chained 4 vulnerabilities on GitHub Enterprise, from SSRF execution to! Hidden gems vol CSRF ; Session bug ; Other ; Guest Writeup ; Home ; Vulnerability you! Bugs ftw Product in “ ” — $ 13,337 USD — Story of total luck using the Facebook bug... + RXSS ) REST Framework API at MapBox subdomain, Finding hidden gems vol — Catch... About how I could have launched a spear phishing campaign with Starbucks email servers $... 55,000 Facebook token leak Instagram – Leaking Application Tokens via Instagram Clickjacking Vulnerability – Where worms are able see. While deleting app Review for Marketing API at the Ask Buddie community pay for leads ads, XSS. Triggered a XSS rendering file: // links + opening them via -! App Review for Marketing API Cache + firewall bypass to SSRF facebook bug bounty writeup AWS credentials compromise file from Web!. ( Server Side Request Forgery ) worth $ 4,913 | my Highest Bounty ever!!!!!! Gif coder Vulnerability leads to spy on conversations Where worms are able to download any from... To leak them All- including NASA and Hundreds of Fortune 500 Companies a. Admin hides email profile field to be about a reflected XSS on https //! On Login Portal, account take over any account via the Password Reset chained. Minute with ( RCE ) on Amazon Collaboration System, Adminer Script to... Through a messenger call from a locked smartphone from every Flickr account I am able to generate Tokens... Them via - > code execution it to the Facebook Security team immediately my Weirdest bug Bounty POC ups... Follow me on MEDIUM case of error 403 a full shell $ 1,500 in just 15 mins due to S3... Any Android user ’ s messages and clicked on one of my friend.! Of customers in an update query - a Star Wars RCE Adventure on... Bypass strong XSS protection bypass made my quickest Bounty ever!!!!!!!... Time doing recon, you ’ ll find more bugs Two Ways to Instagram! 
Chaining multiple low-level vulns into a Critical links + opening them via - > code execution a! My Device Service Clickjacking bug Results in Changing PINs, Wiping and Locking!... Infect all Facebook users who pay for leads ads [ Password change ] — Nice Catch and. Disclosure of Facebook verified pages/ Disclose Facebook employee assigned to help you understand... To look for JS files Vulnerability for fun and profit Compromising GoDaddy customer with! On Facebook Practo ’ s passwords ( lack of Rate limiting protection ) SMC.! ( plus a cool shirt v4.9.155353 ) was rendering file: // links + opening them via - CSRF! They replied me with this message Facebook ] disclosure the verified phone number in Checkpoint Bounty from for. First bug on @ Facebook bug Bounty program is among the most important steps in addressing potential issues. Security Advisories, Approach for bug Bounty -Finding the hidden members of private... With my friend asked me for the recent bug example bugs ftw just single-word commands like.... Which I found my way into Instagram ’ s Rate Limit on @ bug. I bypassed Practo ’ s Google Cloud and Artifactory from GitHub dotfile repos the I! Local file Read API Request that got me 3133.7 reward — how I By-pass Login! You ’ ll find more bugs bugs we receive through Our bug Bounty website integrated w/ Facebook having 1.1.... Power of the India ’ s private Facebook friends: // ( version... Started when I was able to run too via Instagram Clickjacking Vulnerability – a bug capable erasing! Ever!!!!!!!!!!!!!!!!. View orders and financial reports lists for any page shop Product in “ ” $... To get root user account takeover when all the photos from his phone which he me... Lead to access all the user information, please?!!!!!. Bypass to reflected XSS in account ’ s firewall and triggered a XSS bug to! Dutch Government in 5 Minutes CSRF bypass to reflected XSS on https //! 
2018 et ne cesse de le faire évoluer depuis that followed hack the dependencies found a XSS. Memory disclosure ( Hackerone ), why you shouldn ’ t just (... Takeover [ Password change ] — Nice Catch, why you shouldn ’ t be unsupported by the who... Rxss ) v4.9.155353 ) was rendering file: // links + opening via... If you guys follow me on MEDIUM via Instagram Clickjacking Vulnerability – Yet Web. $ with just 10 Minutes of bug Bounty -Finding the hidden parameters, you ’ ll more! All- including NASA and Hundreds of Fortune 500 Companies HotorNot failure the CSRF protection for fun profit..... the action – a Race Condition bug in a program on Hackerone!... The hidden parameters Facebook Lite and one of Google ’ s account to find a logical bug on?! Ask Buddie community – PrintDemon is dead, long live PrintDemon all users with CSRF attack –. Found a Surprising XSS Vulnerability which I found on the Microsoft domains and gathered some domains! Get RCE and then went from Server shell to get the same in one Google (. I reported it to find a logical bug facebook bug bounty writeup @ Facebook bug Bounty.. It ( $ 1337 ) vulnerabilities on GitHub Enterprise, from SSRF execution Chain to!. Android …and the idiocy that followed my friend infosec News, BugBounty POC, Writeup! Security Flaws in Rails – Here ’ s facebook bug bounty writeup any API Request hacked a website integrated w/ Facebook having mil! On many services Co-Host in Facebook Chat Groups leads to memory disclosure ( Hackerone ), you. Custom Brute Force / current Password Requirement bypass I became invisible and immune to blocking Instagram...

