This was one of my findings from twitter.com. Read the complete report here: https://hackerone.com/reports/129436 YouTube PoC: https://www.youtube.com/watch?v=P2Ram2FBAS4
This is one of my findings in Facebook which I want to share with you all. While searching for bugs on Facebook, I came to know that you can't post anything beyond your birth date, i.e. if your birth date is 01/01/1970, you can't publish a post on 31/12/1969. So I started playing with this.
In this post I am going to explain one of my findings in Facebook, the logout CSRF. Although logout CSRFs are annoying, they are not considered a security vulnerability. Facebook has the following link to unsubscribe from emails: https://www.facebook.com/o.php?k=a6d163&u=yourid&mid=606dcb7G517b252cG247fb31G5 The “u” parameter is your own Facebook user ID. If you replace it with any other id,
While searching for bugs on Facebook, I came across one link where you can find deactivated Facebook accounts. The following link should work only to find your deactivated friends, but it works for any profile on Facebook. https://www.facebook.com/ajax/friends/inactive/dialog?id=100000331676021&__user=1367024940&__a=1&__dyn&__req=1e&__rev= Where “id” is the ID of the victim (it can be the ID of any random Facebook user)
If you see anyone’s Facebook timeline, you can see that year-wise posts are returned on the right side of his timeline. What if he has complete privacy settings on his timeline? The year queries are still returned even if there are no posts. Example: 2015 2014 2013 Now you can easily guess that 2013 is
I don’t like writing much, but since I have won some bounty from Facebook, I decided to write one. My main intention was to get into the Facebook whitehat list! There are a lot of security researchers around the world who are hunting for bugs, so there was no point in hunting for bugs like XSS, CSRF etc.