Facebook SMS Captcha Was Vulnerable to CSRF AttackThis post is about an bug that I found on Meta (aka Facebook) which allows to make any Endpoint as POST request in SMS Captcha flow which…Oct 17, 20222Oct 17, 20222
Contact Point Deanonymization Vulnerability in MetaThis post is about an bug that I found on Meta (aka Facebook) which used to find a linked Primary email address of a account using mobile…Apr 28, 20222Apr 28, 20222
Confirming any new Email Address bug in Facebook (Part-4)This post is about an bug that I found on Facebook which used to Confirming any email address in new Facebook account by using IP and…Aug 17, 20211Aug 17, 20211
How to Rotate IP ADDRESS For Each Request in Burp SuiteThis post is about to explain how to rotate IP address for each request using Burp Suite.Aug 17, 20212Aug 17, 20212
Delete Any Photos In FacebookThis post is about an bug that I found on Facebook which used to delete any publicly visible photos by editing the series featureNov 3, 20201Nov 3, 20201
Reveal the page admin that uploaded a video on the page in comment sectionThis post is about an bug that I found on Facebook which used to disclose the page role person’s User ID when posted a video on comment…Nov 2, 2020Nov 2, 2020
Disable Any Unconfirmed Account in FacebookThis post is about an bug that i found on Facebook which used to Disable any new unconfirmed account in Facebook by using IP Rotation…Nov 21, 20191Nov 21, 20191
CSRF Email Confirmation Vulnerability for Gmail & G-Suite in FacebookThis post is about an bug that i found on Facebook which used to verify any new Gmail and G-Suite account with minimal Victim’s…Jul 16, 20191Jul 16, 20191
Bypass OAuth nonce and steal oculus response codeThis post is about an bug that i found on Facebook Oculus Application OAuth which could have been used to bypass nonce and steal…Nov 7, 20171Nov 7, 20171
Stealing Facebook MailChimp Application OAuth 2.0 Access TokenThis post is about an bug that i found on Facebook MailChimp Application OAuth 2.0 which could have been used to steal Access_token. and…Nov 7, 20171Nov 7, 20171