WRITEUP #3689

How I could have accessed all your private videos/photos saved inside your device without even unlocking it?

Logic BugBroken authorizationLogic flaw

by@samiparyal_(Samip Aryal)

Bounty

3,150

Program

Meta / Facebook

Published

Jun 6, 2021

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://samiparyal.medium.com/how-i-could-have-accessed-all-your-private-videos-photos-saved-inside-your-device-without-even-1a7e455ddcc8

▸ RELATED WRITEUPS

Logic Flaw: I Can Block You from Accessing Your Own Account

Logic BugLogic flaw

“Like” Bypass on Customer Reviews — €500 bounty

Logic BugLogic flaw

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

RCEForced browsing

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

ReconMissing authentication

Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat