How I got access to critical data of a Company in no time ? How I found a Privilege Escalation Bug in a private Ecommerce? Chain The Bugs to Pwn an Organisation ( LFI + Unrestricted File Upload = Remote Code Execution ), XSS Vulnerabilities in Multiple iFrame Busters Affecting Top Tier Sites, Vertical escalation of privileges Leading to Sensitive Data Exposure, User Account takeover in India’s largest digital business company, IDOR User Account Takeover By Connecting My Facebook Account with victims Account, Persistent Cross-Site Scripting on redacted worth $2,000, How I hijacked your account when you opened my cat picture, Hacking your own antivirus for fun and profit (Safe browsing gone wrong), Reflected DOM XSS and CLICKJACKING on https://silvergoldbull.de/bt.html, Open-Redirect Vulnerability in udacity.com, How to do 55.000+ Subdomain Takeover in a Blink of an Eye, Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC, Stored XSS Vulnerability in H1C Private site, Making the Facebook app more secure - $8500 bounty, ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC, How I find Open-Redirect Vulnerability in redacted.com (One of the top online payment processing service website), Disclosure of Facebook Page Admin due to insecure tagging behavior, SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC, Bypassing Hotstar Premium with DOM manipulation and some JavaScript, RCE Unsecure Jenkins Instance | Bug Bounty POC, Write-up - Love story, from closed as informative to $3,500 USD, XSS stored in Yahoo! 
Firefox: How a website could steal all your cookies, Stealing User’s PII info by visiting API endpoint directly, Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data, Microsoft Bug Bounty Writeup – Stored XSS Vulnerability, Theoretically Possible To Practical Account Takeover, Replying Comments On Someone’s LiveStream From Page is Posted as Personal Identity, How I Found The Facebook Messenger Leaking Access Token Of Million Users, Commenting on a post by opening it via page’s news-feed goes from a wrong actor (i.e. And I would love to follow you guys back if you guys follow me on MEDIUM. and bug bounty. Should you be concerned about LastPass uploading your passwords to its server? Filter Bypass to Reflected XSS on https://finance.yahoo.com (mobile version). How I leveraged an interesting CSRF vulnerability to turn self XSS into a persistent attack? Multiple Host Header Attacks after bypassing protection with… a Header Attack, Blind Xss (A mind game to win the battle), AirDoS: Remotely render any nearby iPhone or iPad unusable, Media deletion CSRF vulnerability on Instagram. Broken API enables me to leak/modify any users personal information, Fabric.io API permission apocalypse – Privilege Escalations, How we tookover shopify accounts with one single click, How a simple IDOR become a $4K User Impersonation vulnerability, Managed Apps and Music: a tale of two XSSes in Google Play. April 05, 2020. Hi guys, first things first, I hope all of you and your families are safe during this COVID-19 pandemic. How i was able to bypass strong xss protection in well known website.
HTTP Parameter Pollution - It’s Contaminated, Disclose content of internal Facebook javascript modules ( Revisited ), Increasing reward points N number of time, Chaining rate limiting for account lockout, How I landed on my first bounty : No SPF / DMARC Record Found leading to Social Engineering Attack, Unique Case for Price Manipulation | BugBounty | VAPT, Creative Android pin bypass with Race conditon, The Story of My first 4 digit bounty from Facebook. Privilege Escalation via Account Takeover on NodeBB Forum Software — Bug Bounty (512$), Reflected XSS via a hidden parameter on Dutch Gov. Facebook launched its own in 2018 and has kept evolving it ever since. User’s private watched videos/saved videos exposed through a messenger call from a locked smartphone. Bugcrowd’s Domain & Subdomain Takeover vulnerability! How I was able to remotely crash any android user’s instagram app and was paid a mere 500$ for it. Facebook Bug bounty Story: $X000 for an Information Disclosure Bug, How I made $7500 from My First Bug Bounty Found on Google Cloud Platform, Drop the mic?! Facebook bug Bounty -Finding the hidden members of the private events. YQL, Yahoo! Blocked User Can Send Notification Due to Logical Bug in Instagram | First Instagram Bug, What is your GCP infra worth?…about ~$700 [Bugbounty], User’s email disclosure via invalid password reset link [$250], API secret key Leakage leads to disclosure of Employee’s Information. Vulnerability Patched. Weak Password Setting function on practo.com, CVE-2018–5230 | JIRA Cross Site Scripting, Kud I Enter Your Server? Bug Hunting Stories: Schneider Electric & The Andover Continuum Web.Client. Bug Bounty POC Blog. 4: Rakefile a.k.a. We recently awarded our biggest bug bounty payout ever, and since it's a great validation of the program we've been building and running since 2011, we thought we'd take a few minutes to describe the issue and our response.
Page shops with a hidden Product in “Featured product section” which could be controlled by attacker (Ex Editor). Got Easiest Bounty with HTML injection via email confirmation! 2: REAMDE.md, the story of a bit too helpful readme file, Reflected Swf XSS at ( https://plugins.svn.wordpress.org ), How i found a 1500$ worth Deserialization vulnerability, IDOR FACEBOOK: malicious person add people to the “Top Fans”, Uber Bug Bounty: 1000$ for two “high severity” issue, Privileged Escalation in Facebook Messenger Rooms, SQL Injection Vulnerability In University Of Cambridge, Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org, User credential are sent in clear text in Whatsapp web— FIXED | Facebook Bug Bounty, IDOR leads to getting Access tokens of users linked to Google Drive on Edmodo, Distorted and Undeletable Posts in Facebook Group, How I Chained 4 Bugs(Features?) Re-dressing Instagram – Leaking Application Tokens via Instagram ClickJacking Vulnerability! Although these bugs aren’t related to our own code, we want researchers to have a clear channel to report these issues if they could lead to our users’ data potentially being misused. How Outdated JIRA Instances suffers from multiple security vulnerabilities? How i bypassed AKAMAI KONA WAF, XSS in overstock.com! How I hacked Facebook: Part One. Recon. Unauthenticated RCE on MobileIron MDM, Universal XSS in Android WebView (CVE-2020-6506). I just wanted to share my happiness with other people and I really hope that this write-up helps people in finding issues on Facebook or any other platform that has a bug bounty program. And on 16th April, they replied me with this message. Exploiting popular macOS apps with a single “.terminal” file. Update: Want to take over the Java ecosystem?
A tale of verbose error message and a JWT token, DOM XSS in Gmail with a little help from Chrome, #BugBounty — Adding Money Using Response Modification, Private Dashboards were accessible by other Admins in Analytics Dashboard, Reflected XSS on Microsoft.com via Angular Js template injection, Exposure of Facebook object type by knowing the object ID, Add draft subtitles to any Facebook video and Full Path Disclosure. How i was able to upload files to api.techprep.fb.com, Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over, Change Anyone’s profile picture-Exploiting IDOR, Proof Of Concept Nokia Cross Site Scripting, Facebook WhiteHat: Able to access group plan even after leaving the group, Billion Laugh Attack in https://sites.google.com, XSS to XXE in Prince v10 and below (CVE-2018-19858), Complete User Account Takeover on an Android Application, How to accidentally find a XSS in ProtonMail iOS app, [BBP系列三] Hijack the JS File of Uber’s Website, Love Story Of A Account Takeover (Chaining Host Header Injection To Takeover Someones Account), Exploiting post message to steal and replace user’s cookies. We had a good share of a laugh, but deep inside I was having an evil laugh as I was excited that I had found a security issue on Facebook again! Timeline (TL;DR) Report Sent. Reflected XSS in Django REST Framework Api at MapBox Subdomain, Finding hidden gems vol. Admin disclosure of Facebook verified pages/ Disclose Facebook employee assigned to help a verified page. RCE via Apache Struts2 - Still out there. 
admin.google.com Reflected Cross-Site Scripting (XSS), Yahoo – Root Access SQL Injection – tw.yahoo.com, Papyal XML Upload Cross Site Scripting Vulnerability, How I discovered a 1000$ open redirect in Facebook, Reflected Cross Site Scripting at Paypal.com, Reading local files from Facebook’s server (fixed), Google Bug Bounty: Nice Catch on Google Cloud Platform Live, Reflected Cross Site Scripting BillMeLater, Facebook Bug Bounty: secondary damage (revisited) why I really like reporting to Facebook too :). Access portal of Facebook mobile retailers and see earnings and referrals reports. 3: quick win with .sh file, P1 Like a Boss | Information Disclosure via Github leads to Employee Account Takeover | Bug Bounty POC, Bypass HackerOne 2FA requirement and reporter blacklist, It’s all in the detail: Email leak & Account takeover thanks to WayBackMachine & extensive knowledge about the program, IDOR in JWT and the shortest token you will ever see {}. Facebook Source Code Disclosure in ads API, Stored XSS Vulnerability in Jotform and H1C Private Site. Mitigated with a temporary fix.
$0, Logic flaw, Password reset flaw, Account takeover, Logic flaw, Authorization flaw, Payment bypass, NTLMv2 hash disclosure, One-click execution of arbitrary .Net assemblies, Authorization flaw, Account takeover, Homograph attack, MacOS privilege escalation, Authorization flaw, 2FA bypass, Bruteforce, Lack of rate limiting, AWS misconfiguration, Information disclosure, Authorization flaw, Client-side enforcement of server-side security, Information disclosure, Lack of rate limiting, Authentication bypass, Logic flaw, Password reset flaw, Account takeover, Bruteforce, Lack of rate limiting, Account takeover, Exposed JWT generation endpoint, Hardcoded credentials, Information disclosure, CORS misconfiguration, CSRF, Account takeover, Client-side enforcement of server-side security, Exposed token generation endpoint, Information disclosure, Outdated component with a known vulnerability, DoS, RCE, Default credentials, SSRF, Reflected XSS, RCE, Information disclosure, Lack of rate limiting, Bruteforce, Weak credentials, Information disclosure, Internal directories enumeration, OTP bypass, Bruteforce, Lack of rate limiting, Lack of authentication, Information disclosure, CRLF, HTTP response splitting, Reflected XSS, Account takeover, Login screen bypass, Authentication bypass, Password reset flaw, DoS, Lack of rate limiting, Broken access control, Authorization flaw, Account takeover, Password reset flaw, Sign-up flaw, Stored XSS, Information disclosure, Unrestricted file upload, OAuth misconfiguration, Account takeover, CSRF, Account takeover, Password reset flaw, Cryptographic issues, Information disclosure, Outdated component with a known vulnerability, Wordpress takeover, RCE, Security misconfiguration, Open redirect, DOM-based open redirect, OAuth token theft, Password reset flaw, HTTP parameter pollution, IDOR, Password reset flaw, Email confirmation bypass, Zero-Click Unauthorized Access to Sensitive Data, Password reset flaw, Information disclosure, Account 
takeover, Information disclosure, Lack of authentication, Authentication bypass, Lack of rate limiting, Credentials sent over unencrypted channel, SSRF, Reflected XSS, Authentication bypass, Host header injection, Password reset flaw, Password reset flaw, Information disclosure, Information disclosure, Lack of rate limiting, Bruteforce, Race condition, DoS, Logic flaw, Session management flaw, Lack of authentication, Information disclosure, Authorization flaw, Authorization flaw, Information disclosure, Account takeover, HTTP Parameter pollution, Password reset flaw, OTP bypass, Information disclosure, Hardcoded credentials, AWS misconfiguration, Directory listing, Information disclosure, Stored XSS, CSP bypass, Open redirect, RCE, Unrestricted file upload, XSS, Authorization flaw, Broken access control, Information disclosure, Cross-Site Websocket Hijacking, Account takeover, Account takeover, Logic flaw, Authorization flaw, Account takeover, Password reset flaw, Lack of rate limiting, HTTP request smuggling, Account takeover, Open redirect, Internal header disclosure, Alibaba, Verizon Media, [Private program], XSS, Privilege escalation, Information disclosure, Insecure storage of sensitive information, RCE, Heap Buffer Overflow, Heap Use-After-Free, Unrestricted file upload, Authorization flaw, CORS misconfiguration, Open redirect, Reflected XSS, Session management flaw, Lack of authentication, Privilege escalation, Denial of Service, Commit Hash Collisions, Directory listing, Information disclosure, RCE, XSS, Logic flaw, Information disclosure, Information disclosure, SQL injection, Authentication bypass, Unrestricted file upload, RCE, XSS, Race condition, RCE, Unrestricted file upload, Information disclosure, Authentication bypass, IDOR, Internal path disclosure, Information disclosure, IDOR, Password reset flaw, Account takeover, IDOR, SSRF, Information disclosure, CORS misconfiguration, Open redirect, OAuth token theft, Account takeover, Password reset flaw, 
IDOR, Account takeover, Source code disclosure, Information disclosure, $0 (150€ + 150€ platform credit promised but not delivered), Email confirmation bypass, Information disclosure, HTML injection, HTTP Leak, Account takeover, Privilege escalation, Information disclosure, Cross-Site WebSocket Hijacking (CSWH), Account takeover, Side-channel attack, Cross-Site Frame Leakage (CSFL), Web cache deception, Information disclosure, Lack of rate limiting, Information disclosure, XSS, XXE, RCE, Lack of authentication, Authentication flaw, Hardcoded credentials, Directory listing, SQL injection, Authentication bypass, Email verification bypass, Authorization flaw, Email validation bypass, Authorization flaw, Client-side validation bypass, Authentication bypass, Authorization flaw, Privilege escalation, Stored XSS, Object Injection, OAuth flaw, Authentication bypass, Account takeover, Parameter tampering, Authorization flaw, IDOR, Account takeover, Privilege escalation, Bruteforce, Account takeover, OTP bypass, Password reset flaw, Information disclosure, Lack of rate limiting, .git folder disclosure, Source code disclosure, Logic flaw, 2FA bypass, Authentication flaw, Information disclosure, Authentication bypass, Account takeover, Thick client flaw, Credentials sent over unencrypted channel, Logic flaw, Authorization flaw, Information disclosure, Information disclosure, Hardcoded credentials, AWS flaw, Misconfigured JSF ViewState, Java deserialization, Account takeover, Information disclosure, Password reset flaw, Outdated component with a known vulnerability, Information disclosure, RCE, Information disclosure, Debugging enabled, Privilege escalation, Improper session management, HTTP Parameter Pollution, Password reset flaw, Account takeover, reCAPTCHA bypass, email enumeration, username enumeration, Password reset flaw, Account takeover, Bruteforce, OTP bypass, IDOR, Account takeover, Password reset flaw, CSV injection, Server side spreadsheet injection, Formula 
injection, RCE, Expression Language Injection (JSTL), Information disclosure, RCE, Clickjacking, XSS, Same Origin Method Execution, IDOR, Stored XSS, Account takeover, Blind XSS, HTTP parameter pollution, reCAPTCHA bypass, Broken access control, Directory traversal, Stored XSS, Open redirect, subdomain takeover, XSS, HTTP parameter pollution, okex.com, livecoin.net, [private program], Authorization flaw, CSRF, IDOR, Stored XSS, HTML injection, Blind XSS, Blind SQL injection, SMTP header injection, Account takeover, Authentication bypass, Authorization flaw, SQL injection, SQL injection, Auth bypass, Account takeover, Authorization flaw, Logic flaw, Information disclosure, DOM XSS, Stored XSS, Logic flaw, Reflected XSS, CSRF, Web parameter tampering / Price manipulation, OAuth flaw, Authentication flaw, Information disclosure, Read-only access to private server files, Blind SSRF/Blind XXE, Stored XSS, Reflected XSS, SSRF, Command injection, Gitlab, Slack, Yammer, Kayako, Zendesk & more, Subdomain takeover, Authentication bypass, OAuth flaw, Login CSRF, Open redirect, Authentication bypass, Oracle Responsys, Facebook, Linkedin, Dropbox, postMessage flaw, Violation of Secure Design Principles, Account takeover, IDOR, Password reset flaw, OAuth flaw, account takeover, Stored self-XSS, CSRF, Account takeover, Payment hijacking, Bruteforce, Information disclosure, Logic flaw, IDOR, Stored XSS, Reflected XSS, Default credentials, Privilege escalation, Open redirect, Account takeover, Information disclosure. Disclosing wifi password via content provider injection in Xiaomi, How I was able to send Authentic Emails as others — Google VRP [Resolved], How recon helped me to find an interesting bug…, Open Sesame: Escalating Open Redirect to RCE with Electron Code Review, Crowdsource Success Story: From an Out-of-Scope Open Redirect to CVE-2020-1323, Deleted data stored permanently on Instagram? August 21, 2019. users under 45 seconds. Technical breakdown. 
Ssrf to Read Local Files and Abusing the AWS metadata. Twitter Account Takeover, A simple post auth bypass leads to unauthorized web server access, Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty, Live Video facebook application (Android) its not expired when log out the device on https://www.facebook.com/settings?tab=security&section=sessions&view, GraphQL introspection leads to sensitive data disclosure, 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!). How a classical XSS can lead to persistent ATO Vulnerability? How I bypassed 2fa in a 3 years old private program! How I was able to earn 1000$ with just 10 minutes of bug bounty? #BugBounty — How I could book cab using your wallet money in India’s largest auto transportation company! How did I earn $3133.70 from Google Translator? Go Pro, get Bugs! He had a good phone and we took a few photos from his phone which he sent me via messenger. User Account Takeover [Password Change]— Nice Catch! Setting Up Gitrob and using it to find Leaking Repository of an Employee in a hackerone private program. Thick Client — Attacking databases the fun/easy way, Arbitrary File Read in one of the largest CRMs, Weaponizing XSS Attacking Internal System, Subdomain Takeover via Unsecured S3 Bucket Connected to the Website. Brute Forcing User IDS via CSRF To Delete all Users with CSRF attack. Client side validation strikes again: PIN code bypass ! How I earn $500 from Razer open S3 bucket, My First RCE (Stressed Employee gets me 2x bounty), The Bug That Exposed Your PayPal Password.
Samsung S20 - RCE via Samsung Galaxy Store App, GitHub Pages - Multiple RCEs via insecure Kramdown configuration - $25,000 Bounty, Back to 2019: Disclosure Employers PII and Credentials, GitHub Gist - Account takeover via open redirect - $10,000 Bounty, GitHub - RCE via git option injection (almost) - $20,000 Bounty, Disclose Emails, phone numbers, more For Facebook users who tried to add funds to their account. Multiple API issues due to Fixed Authorization token. (Hall Of Fame), suPHP - The vulnerable ghost in your shell, Unauthenticated File upload Vulnerability on Synology Sub-domain, How I earned $500 from Google - Flaw in Authentication, $25K Instagram Almost XSS Filter Link — Facebook Bug Bounty. Chains on Chains: Chaining multiple low-level vulns into a Critical. Phone number validation bypass through url path manipulation. For a technology company, having a bug bounty program has become indispensable. Infosec News, BugBounty POC, CTF Writeup, Security Advisories, Approach for Bug Bounty Posts. Today,…, After bringing dark mode in facebook messenger, Facebook has added WhatsApp like "Quoted Replies" in facebook messenger conversations. Account Takeover Using Cross-Site WebSocket Hijacking (CSWH). [REDACTED].com, Application Level Denial of Service [DoS] using SVG file in https://[REDACTED].com (Write Up), Read other user support tickets in https://support..com (Write Up), Writing my Medium blog to complete account takeover, Exploiting Out Of Band XXE using internal network and php wrappers, BugBounty WriteUp — Creative thinking is our everything (Race Condition + Business Logic Error), Vulnerability in Hangouts Chat: from open redirect to code execution, Leveraging AngularJS-based XSS to Privilege Escalation, From Sub domain Takeover to Open-Redirect. Step-by-step: exploiting SQL injection(s) in Oculus’ website.
Making bug triage faster and simpler: rolling out Facebook’s Bug Description Language By Steve Gao, Application Security Engineer The initial triage of security bugs we receive through our Bug Bounty program is among the most important steps in addressing potential security issues. The story of my first ever, 1500$, bounty from Facebook. Bug Bounty Awarded. Facebook Bug Bounty 2020, Improper Implementation of My Status video time limit in WhatsApp, False2True, Match and Replace bug hunting — A cautionary tale. How did I bypass a Custom Brute Force protection and why that solution is not a good idea? Facebook has operated a bug bounty program in which external security researchers help improve the security and privacy of the social network's products and … Pwning eBay - How I Dumped eBay Japan’s Website Source Code, Instagram Multi-factor authentication Bypass, Disclose contact_email of any Facebook application. All Bug Bounty POC write ups by Security Researchers. This writeup is about an easy catch in Facebook Lite that led me to win a bug bounty from Facebook unexpectedly for the first time.
SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software, Facebook hidden redirection vulnerability, XSS with HTML and how to convert the HTML into charcode(), Google sites and exploiting same origin policy, Cookie-based-injection XSS making exploitable with-out exploiting other Vulns, Harvesting all private invites using leave program fast-tracked invitation and, A possibility of Account Takeover in Medium, Add comment on a private Oculus Developer bug report, Security teams Internal attachments can be exported via “Export as .zip” feature on HackerOne, Path traversal while uploading results in RCE, Brave Browser Script Blocker Bypass Vulnerability, [Bug bounty | mail.ru] Access to the admin panel of the partner site and data disclosure of 2 million users, Add description to Instagram Posts on behalf of other users - 6500$, Access to staging environment via User-Agent string, Symantec Messaging Gateway authentication bypass, Get as image function pulls any Insights/NRQL data from any New Relic account (IDOR), DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More, Make any Unit in Facebook Groups Undeletable, Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com, My First 0day Exploit (CSP Bypass + Reflected XSS) #BUGBOUNTY, Blind XML External Entities Out-Of-Band Channel Vulnerability : PayPal Case Study. 
Popping a shell on the Oculus developer portal, Facebook – Stored Cross-Site Scripting (XSS) – Badges, Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS), Facebook – Send Notifications to any User Exploit, Google Exploit – Steal Account Login Email Addresses, Google Sites: A Tale of Five Vulnerabilities, XSS - Google Groups (groups.google.com) - Vulnerability Reward Program, Facebook bug bounty: secondary damage (one report that leads to more bugs), fairness, and why I really like reporting to Facebook, Facebook CSRF leading to full account takeover (fixed), PayPal Bug Bounty: PayPaltech.com E-Mail Injection, Removing Covers Images on Friendship Pages, on Facebook.