Back to directory
WRITEUP #6283

Posting on groups as people whenever their email was known by an attacker

OtherBroken authorization
byZahid Ali
Bounty
7,500
Program
Meta / Facebook
Published
Jun 29, 2017
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://medium.com/@zahidali_93675/posting-on-groups-as-people-whenever-their-email-was-known-by-an-attacker-9dc8d7baf970
RELATED WRITEUPS
Data Theft in Salesforce: Manipulating Public Links
OtherSOQL injection
When Certificates Fail: A Story of Bypassed MFA in Remote Access
Other2FA / MFA bypass
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
RCEForced browsing
SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff
OtherSSTI
Ghost In The Ppl Part 1: Byovdll
OtherUse-After-Free

Built with ❤️ by Shubham Rawat