I am Ali Kabeel, an Application Security Intern at the Seekurity team. This is the second part of the "A brief on Abusing Invitation Systems" blog post. In this blog post I will mainly focus on how I was able, "by following the tips and tricks in the previous blog post", to bypass Facebook's fixes for 4 consecutive years. In case you are not familiar with the concepts, take a sneak peek at the previous blog before continuing with this one ;).
Continue reading “Business Logic Vulnerabilities Series: A Story of a 4-Years-old (and counting) Facebook Security Bug!”
Hi guys, how are you doing? Well, I'll assume and hope the answer is "Fine"... Today I will show you a bug I found in Facebook without even using any kind of testing tools, BUT those kinds of bugs require more than tools: they require a hawk eye, a platform-aware bug hunter mentality, a poet and an awesome morning cup of coffee. So don't expect to gain technical skills from this blog post, only some pro tips and bug-hunting mentality experience!
This is merely the second time I'm sending a report to the Facebook Security Team without writing a piece of code!
Continue reading “The 2.5mins or 2.5k$ hawk-eye bug – A Facebook Pages Admins Disclosure Vulnerability!”
Hi folks, long time no see. It's Seif Elsallamy, remember me? If not 🙁 you may go through my previous blogs: Stored XSS in the heart of the Russian email provider giant (Mail.ru), and Rolling around and Bypassing Facebook's Linkshim protection on iOS.
Today I'm going to show you a race condition bug. I recently fell in love with this kind of vulnerability, especially when it comes to Facebook. I also want to mention that this bug is super simple to understand; it's not complicated. The only complicated part is how to test for it and find it.
Continue reading “The Fuzz…The Bug..The Action – A Race Condition bug in Facebook Chat Groups leads to spy on conversations!”
Your privacy on the internet is the biggest concern ever, and when it comes to "dating websites" and "social networks" it matters more and more!
Let me tell you a story of two websites that don't respect yours and put it in danger...
Continue reading “When your privacy disclosure is a “feature” not a “bug” – Badoo & HotorNot failure!”
My name is Mohamed Abdel Aty, an Egyptian web developer and bug hunter. Today I would like to share with you a "cute" bug I found while doing some bug hunting on Facebook.
Testing different sub-domains is a common procedure in bug hunting. While searching the domain "mbasic.facebook.com" I noticed this link
Continue reading “Facebook Vulnerability – a “Cute Bug” that reveals the “likes” of deleted posts regardless of their privacy settings”
Physical devices connected to web applications have made everything easy to manage. Screen size, availability, usage, etc. are what push everyone to manage their devices through their desktops/laptops! On the other hand, such advantages pose a threat if these web applications contain security issues!
For example, Android devices can be managed through "Google Device Manager", iOS devices through the "iCloud service", Windows Phone devices via your Microsoft account, FirefoxOS devices through your Mozilla account, and finally Internet of Things (IoT) devices are connected to their vendors' own dedicated web apps!!
Continue reading “FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!”
Facebook is the largest social network ever known on the internet. People use Facebook for contacting friends and family, and sometimes for work!
When it comes to work, that means important notifications from your company's page, work account, work admins, business accounts, etc.
Continue reading “Facebook movies recommendation vulnerability – A bug capable of erasing all your important notifications!”
Hi Bug Hunters,
Today we will explain how we redressed Facebook's UI and made it easy to fool a victim into, for example, adding the attacker as a member of one of their own secret groups on Facebook.
Here are some details about the issue:
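As an added example (not code from this post or from the FirefoxOS Find My Device clickjacking post above, whose own details are not reproduced here), the following Python check classifies what a response's headers say about whether the page can be framed at all, which is the precondition for the UI-redressing attacks both posts describe. It looks at the CSP `frame-ancestors` directive first, since browsers give it precedence over `X-Frame-Options`, and ignores `Content-Security-Policy-Report-Only` because that header reports and does not enforce. The header sets it runs over are constructed for illustration, not captured from Facebook or Mozilla.

```python
# Added example: classify the anti-framing protection advertised by an HTTP
# response's headers. Not from the original post; sample headers are made up.
from typing import List, Mapping, Optional

# Source expressions in frame-ancestors that let any origin frame the page.
_ANY_ORIGIN = {"*", "http:", "https:"}


def parse_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the frame-ancestors directive, or None if absent.

    CSP directives are separated by ';' and directive names are
    case-insensitive. Only one policy string is handled here; a response
    carrying several Content-Security-Policy headers would need each checked.
    """
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_protection(headers: Mapping[str, str]) -> str:
    """Classify a response's protection against being framed.

    Returns one of:
      "blocked"    - no origin may frame the page
      "restricted" - only the same origin or listed origins may frame it
      "open"       - a framing policy exists but allows any origin
      "weak"       - only an X-Frame-Options value modern browsers ignore
      "none"       - no enforced framing policy at all
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # frame-ancestors takes precedence over X-Frame-Options when present.
    # Content-Security-Policy-Report-Only is deliberately not consulted.
    csp = h.get("content-security-policy")
    if csp is not None:
        ancestors = parse_frame_ancestors(csp)
        if ancestors is not None:
            # An empty source list matches nothing, the same as 'none'.
            if not ancestors or ancestors == ["'none'"]:
                return "blocked"
            if any(src in _ANY_ORIGIN for src in ancestors):
                return "open"
            return "restricted"

    xfo = h.get("x-frame-options")
    if xfo is None:
        return "none"
    value = xfo.upper()
    if value == "DENY":
        return "blocked"
    if value == "SAMEORIGIN":
        return "restricted"
    if value.startswith("ALLOW-FROM"):
        # Never supported by Chrome or Safari and dropped by modern Firefox,
        # so it protects almost nobody today.
        return "weak"
    # Browsers ignore unrecognised X-Frame-Options values (a comma-separated
    # list of conflicting values is not handled here either).
    return "none"


def demo() -> dict:
    """Run the check over a few constructed header sets (not real responses)."""
    samples = {
        "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        "xfo_sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
        "csp_wildcard_beats_xfo": {"Content-Security-Policy": "frame-ancestors *",
                                   "X-Frame-Options": "DENY"},
        "report_only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
        "allow_from": {"X-Frame-Options": "ALLOW-FROM https://example.com"},
        "unprotected": {"Content-Type": "text/html"},
    }
    return {name: framing_protection(hdrs) for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

The "csp_wildcard_beats_xfo" sample is the case worth remembering when testing: a `DENY` that looks safe in isolation is overridden by a permissive `frame-ancestors`, so always read both headers together rather than stopping at the first one that appears.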