Back to directory

WRITEUP #3785

Facebook account takeover due to unsafe redirects after the OAuth flow

OAuthOpen redirectAccount takeover

by@samm0uda(Youssef Sammouda)

Bounty

28,800

Program

Meta / Facebook

Published

Apr 30, 2021

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://ysamm.com/?p=667

▸ RELATED WRITEUPS

Stealing First Party Access Token of Facebook Users: Meta Bug Bounty

OAuthAccount takeover

Self XSS + Login CSRF + OAuth = Account Takeover

Auth BypassAccount takeover

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Self-XSS to ATO via Site Features

How I Got $250 For My Second Bug on HackerOne

OAuthSession expiration issue

Built with ❤️ by Shubham Rawat