XSS in Oculus Rifts CDN
After looking through Oculus Rift's site I came across the developer section for making apps. I quickly made a test app and poked around for vulnerabilities until I found a function to upload icons in...
XSS in Facebook CDN through AR Studio Effects
I was browsing Facebook newsroom when I saw that they put out a new addition, AR Studio Effects (https://www.facebook.com/fbcameraeffects/home/). This let developers upload augmented reality camera...
Break Services tab on Facebook Pages with Integer Overflow
This vulnerability allows an attacker to break the services tab of a page, rendering it completely unusable and unviewable. This attack requires the user to be at least an editor of the page. The impact...
Breaking Appointments and Job Interview Schedules With Malformed Times
Facebook recently added an “Appointments” feature to pages. After a bit of searching through all the requests made I found that it was possible to use malformed times to break the appointment tab. The...
Unremovable Tags In Facebook Page Reviews
Facebook pages have a feature to leave reviews on them. When making a review a malicious user could tag a victim and it would render the tag unremovable. Upon trying to remove it would give the victim...
Chaining Two Vulnerabilities to Break Facebook Appointment Times For the...
Along with https://medium.com/bugbountywriteup/breaking-appointments-and-job-interview-schedules-with-malformed-times-edef103e46ba during my searching I found a second vulnerability to break the newly...
Stealing Side-Channel Attack Tokens in Facebook Account Switcher
After receiving an email from Facebook that somebody requested to join my group I decided to open the link in a different account to see the results. I was brought to the “account switcher” page that...
Unremovable Users in Facebook Collections
Looking through Facebook newsroom I saw an update was put out (https://newsroom.fb.com/news/2018/12/facebook-collection-sharing/) that added the feature to add users to saved collections. After...
DoS Across Facebook Endpoints
A while back I read a report by a friend of mine, Kassem, where he was able to completely block a user from using Facebook Messenger with a long string of text. After reading this I decided to look...
Moving Platforms
I’ve decided that I’m going to be moving platforms for my write-ups. You can now find all my new ones over at bugreader
Max Pasqua