Back to directory
WRITEUP #1718

Meta Quest: Attacker could make any Oculus user to follow (subscribe) him without any approval

IDORBroken authorization
by@vulnano(Dzmitry Lukyanenka)
Bounty
1,726
Program
Meta / Facebook
Published
Jan 9, 2023
Added to HackDex
Jan 11, 2023
Read Full Writeuphttps://www.vulnano.com/2023/01/meta-quest-attacker-could-make-any.html
RELATED WRITEUPS
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
RCEForced browsing
Zomatoooo! IDOR in Saved Payments
IDOR
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
ReconMissing authentication
How I got my first $13500 bounty through Parameter Polluting (HPP)
IDORXSS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
APIGraphQL

Built with ❤️ by Shubham Rawat