WRITEUP #4879

CVE-2019-18426 - WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE

Tags: RCE, Stored XSS, CSP bypass, Arbitrary file read, Open redirect, Security code review
by @WeizmanGal (Gal Weizman)
Bounty: 12,500
Program: Meta / Facebook (WhatsApp)
Published: Feb 14, 2020
Added to HackDex: May 4, 2023
Read Full Writeup: https://weizman.github.io/2020/02/14/whatsapp-vuln/