Back to directory
WRITEUP #133

Stealing First Party Access Token of Facebook Users: Meta Bug Bounty

OAuthAccount takeover
by@saugatscript(Saugat Pokharel)
Program
Meta / Facebook
Published
Jul 30, 2024
Added to HackDex
Aug 6, 2024
Read Full Writeuphttps://iamsaugat.medium.com/stealing-first-party-access-token-of-facebook-users-meta-bug-bounty-44b3b2e87d07
RELATED WRITEUPS
Self XSS + Login CSRF + OAuth = Account Takeover
Auth BypassAccount takeover
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
How I Got $250 For My Second Bug on HackerOne
OAuthSession expiration issue
CSRF Bypass Using Domain Confusion Leads To ATO
CSRFAccount takeover

Built with ❤️ by Shubham Rawat