Back to directory
WRITEUP #4137

Bad regex used in Facebook Javascript SDK leads to account takeovers in websites that included it

Auth BypassAccount takeoverHTTP parameter pollutionpostMessage
by@samm0uda(Youssef Sammouda)
Bounty
21,000
Program
Meta / Facebook
Published
Dec 31, 2020
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://ysamm.com/?p=510
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass2FA / MFA bypass
Forced SSO Session Fixation
Auth BypassSSO
Account takeover on 8 years old public program
Auth BypassAccount takeover
$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover
Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat