Back to directory
WRITEUP #1449

Accessing to Data Sources of any Facebook Business account via IDOR in GraphQL

IDORGraphQL
by@MukundBhuva(Mukund Bhuva)
Program
Meta / Facebook
Published
Mar 6, 2023
Added to HackDex
Mar 8, 2023
Read Full Writeuphttps://medium.com/@mukundbhuva/accessing-the-data-sources-of-any-facebook-business-account-via-idor-in-graphql-1fc963ad3ecd
RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
APIGraphQL
Zomatoooo! IDOR in Saved Payments
IDOR
Authorization bypass due to cache misconfiguration
APIAuthorization bypass
How I got my first $13500 bounty through Parameter Polluting (HPP)
IDORXSS
A Creative Way To Get Someones YouTube Videos Deleted + A Copyright Strike Against Their YouTube Channel
IDORBroken Access Control

Built with ❤️ by Shubham Rawat