Channel: Stories by Max Pasqua on Medium
Browsing latest articles

XSS in Oculus Rifts CDN

After looking through Oculus Rift's site I came across the developer section for making apps. I quickly made a test app and poked around for vulnerabilities until I found a function to upload icons in...


XSS in Facebook CDN through AR Studio Effects

I was browsing Facebook newsroom when I saw that they put out a new addition, AR Studio Effects (https://www.facebook.com/fbcameraeffects/home/). This let developers upload augmented reality camera...


Break Services tab on Facebook Pages with Integer Overflow

This vulnerability allows an attacker to break the services tab of a page rendering it completely unusable and unviewable. This attack requires the user to be at least an editor of the page. The impact...


Breaking Appointments and Job Interview Schedules With Malformed Times

Facebook recently added an “Appointments” feature to pages. After a bit of searching through all the requests made I found that it was possible to use malformed times to break the appointment tab. The...


Unremovable Tags In Facebook Page Reviews

Facebook pages have a feature to leave reviews on them. When making a review a malicious user could tag a victim and it would render the tag unremovable. Upon trying to remove it would give the victim...


Chaining Two Vulnerabilities to Break Facebook Appointment Times For the...

Along with https://medium.com/bugbountywriteup/breaking-appointments-and-job-interview-schedules-with-malformed-times-edef103e46ba during my searching I found a second vulnerability to break the newly...


Stealing Side-Channel Attack Tokens in Facebook Account Switcher

After receiving an email from Facebook that somebody requested to join my group I decided to open the link in a different account to see the results. I was brought to the “account switcher” page that...


Unremovable Users in Facebook Collections

Looking through Facebook newsroom I saw an update was put out (https://newsroom.fb.com/news/2018/12/facebook-collection-sharing/) that added the feature to add users to saved collections. After...


DoS Across Facebook Endpoints

A while back I read a report by a friend of mine, Kassem, where he was able to completely block a user from using Facebook Messenger with a long string of text. After reading this I decided to look...


Moving Platforms

I’ve decided that I’m going to be moving platforms for my write ups. You can now find all my new ones over at bugreader.

Max Pasqua
