Back to directory
WRITEUP #6511

Facebook CSRF leading to full account takeover (fixed)

CSRFAccount takeover
by@josipfranjkovic(Josip Franjkovic)
Bounty
8,450
Program
Meta / Facebook
Published
Oct 18, 2013
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://www.josipfranjkovic.com/blog/facebook-csrf-full-account-takeover
RELATED WRITEUPS
CSRF Bypass Using Domain Confusion Leads To ATO
CSRFAccount takeover
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass2FA / MFA bypass

Built with ❤️ by Shubham Rawat