WRITEUP #1777

0 click Facebook Account Takeover and Two-Factor Authentication Bypass

Auth Bypass, Authentication bypass, GraphQL, Account takeover, Android, 2FA / MFA bypass
by @yaalaab (abdellah yaala)
Bounty: 3,000
Program: Meta / Facebook
Published: Dec 21, 2022
Added to HackDex: Dec 23, 2022
Read Full Writeup: https://medium.com/@yaala/account-takeover-and-two-factor-authentication-bypass-de56ed41d7f9