Confirm if an invitation is sent to a specific email in Partners Portal / Possibility to resend the invitation
Description This bug could allow an attacker to resend invitation email to a user added by admins in Partners Portal.
Category: Uncategorized
XSS in Facebook CDN due to improper filtering of uploaded files extensions
Description This could allow an attacker to upload html files to Facebook CDNs. This happens because the uploading endpoint only
Continue readingXSS in Facebook CDN due to improper filtering of uploaded files extensions
Enumerate internal cached URLs which lead to data exposure
Description This bug could allow an attacker to enumerate cached URLS in Facebook servers. This vulnerable endpoint would accept any
Continue readingEnumerate internal cached URLs which lead to data exposure
Leaking Facebook user information to external websites / Setting some cookies values
Description This bug could allow an attacker to leak Facebook user information to malicious individuals without user interaction. This bug
Continue readingLeaking Facebook user information to external websites / Setting some cookies values
Open redirect in Instagram.com
Description This bug could allow a malicious user to redirect a user from www.instagram.com to any desired website.
Access private information about SparkAR effect owners who has a publicly viewable portfolio
Description This bug could allow a malicious user to access private information about a SparkAR effect owner who has published
Make recruiting referrals on behalf of employees
Description This bug could allow a malicious user to make recruiting referrals on the behalf of a Facebook employee knowing
Continue readingMake recruiting referrals on behalf of employees
Leak of internal categorySets names and employees test accounts.
Description An attacker could read some internal data which meant to be private and seen by Facebook employees only. The
Continue readingLeak of internal categorySets names and employees test accounts.
Delete linked payments accounts of a Facebook page (or user)
Description This bug could allow a malicious user to delete payment accounts linked to a Facebook page. This bug affects
Continue readingDelete linked payments accounts of a Facebook page (or user)
Access files uploaded by employees to internal CDNs / Regenerate URL signature of user uploaded content.
Description This bug could allow an attacker to download files which have been uploaded previously by employees or normal Facebook