Back to directory

WRITEUP #6362

Rewriting a photo not owned by the session user in Moments App (Revisited)

Logic BugLogic flawBroken authorization

by@phwd(Philippe Harewood)

Program

Meta / Facebook

Published

Oct 27, 2016

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://philippeharewood.com/rewriting-a-photo-not-owned-by-the-session-user-in-moments-app-revisited/

▸ RELATED WRITEUPS

Logic Flaw: I Can Block You from Accessing Your Own Account

Logic BugLogic flaw

“Like” Bypass on Customer Reviews — €500 bounty

Logic BugLogic flaw

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

RCEForced browsing

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

ReconMissing authentication

Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat