Back to directory

WRITEUP #6523

Stealing Facebook Access Tokens with a Double Submit

CSRFOAuth

by@fin1te(Jack Whitton)

Program

Meta / Facebook

Published

Apr 13, 2013

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://whitton.io/articles/stealing-facebook-access-tokens-with-a-double-submit/

▸ RELATED WRITEUPS

AI Under Siege: Discovering and Exploiting Vulnerabilities

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

XSSReflected XSS

How I Got $250 For My Second Bug on HackerOne

OAuthSession expiration issue

CSRF Bypass Using Domain Confusion Leads To ATO

CSRFAccount takeover

Vulnerabilities in Homepage Dashboard

Built with ❤️ by Shubham Rawat