WRITEUP #3992

Make recruiting referrals on behalf of employees

Tags: API, Broken authorization, GraphQL
By: @samm0uda (Youssef Sammouda)
Bounty: 3,000
Program: Meta / Facebook
Published: Feb 17, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://ysamm.com/?p=620

RELATED WRITEUPS
Authorization bypass due to cache misconfiguration (Tags: API, Authorization bypass)
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover (Tags: API, GraphQL)
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed) (Tags: RCE, Forced browsing)
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System (Tags: Recon, Missing authentication)
Exploiting Broken Authentication Control In GraphQL (Tags: Cloud, GraphQL)
