Back to directory
WRITEUP #5309

Business user Employees could have applied block list to all ad accounts listed in the business manager.

Logic BugBroken authorizationLogic flaw
by@rohitcoder(Rohit kumar)
Bounty
500
Program
Meta / Facebook
Published
Jun 17, 2019
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://medium.com/@rohitcoder/business-user-employees-can-add-edit-change-or-apply-block-list-to-a-business-account-7b3e8aae667e
RELATED WRITEUPS
Logic Flaw: I Can Block You from Accessing Your Own Account
Logic BugLogic flaw
“Like” Bypass on Customer Reviews — €500 bounty
Logic BugLogic flaw
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
RCEForced browsing
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
ReconMissing authentication
Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP
Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat