Business Logic Vulnerabilities Series: A Story of a 4-Years-old (and counting) Facebook Security Bug!

Hi Guys,
I am Ali Kabeel, an Application Security Intern on the Seekurity team. This is the second part of the "A brief on Abusing Invitation Systems" blog post. In this blog post I will mainly focus on how I was able, by following the tips and tricks in the previous blog post, to bypass Facebook's fixes for 4 consecutive years. In case you are not familiar with the concepts, take a sneak peek at the previous blog post before continuing with this one ;).

TopCoder.com Vulnerabilities – A tail of site-wide bugs leads to accounts compromise & payments hijacking

Hi Folks,
TopCoder.com is a website where the most skilled top coders around the world solve challenges, compete and write code to achieve specific tasks. Top high-profile companies (Facebook, Google, Twitter, etc.) get help from such websites in their recruitment process!

Fiverr.com Full Accounts Takeover – A Vulnerability Puts $50 Million Company At Risk

Fiverr.com, a global online marketplace which provides a platform for people to sell their services for five dollars per job, is vulnerable to a critical web application vulnerability that puts its millions of users at risk.

Fiverr raised $30 million in a third round of institutional funding to continue supporting the new version of its marketplace, but the company ignored the advance warning of the critical bug, reported responsibly by a vulnerability hunter, and failed to patch its website before his public release.
