How I hacked Facebook: Part Two

Interesting Story of an Account Takeover Vulnerability

Directory Traversal, SQL Injection and Server-Side Request Forgery

Self-XSS to ATO via Site Features

IIS welcome page to source code review to LFI!

CSRF Bypass Using Domain Confusion Leads To ATO