Back to directory

WRITEUP #4922

Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover

Auth BypassCross-Site Websocket Hijacking (CSWH)Account takeover

by@samm0uda(Youssef Sammouda)

Bounty

12,500

Program

Meta / Facebook

Published

Jan 23, 2020

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://ysamm.com/?p=363

▸ RELATED WRITEUPS

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Forced SSO Session Fixation

Account takeover on 8 years old public program

Auth BypassAccount takeover

$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat