Business Logic Vulnerabilities Series: A Story of a 4-Years-old (and counting) Facebook Security Bug!

Hi Guys,
I am Ali Kabeel an Application Security Intern at Seekurity team. This is Second part of A brief on Abusing Invitation Systems blog post . In this blog post I will be mainly focusing on how I was able “by following the tips and tricks in the previous blog post” to bypass Facebook fixes for 4 consecutive years.In case you are not familiar with concepts, take a sneak peak on the previous blog before continuing with this one ;).

Continue reading “Business Logic Vulnerabilities Series: A Story of a 4-Years-old (and counting) Facebook Security Bug!”

Share

Hijacking User’s Private Information access_token from Microsoft Office360 facebook App

Hi Guys, Today i would like to show you how a single misconfiguration issue would jeopardize the user’s privacy if maliciously exploited hence hijack user “access_token” from Microsoft Office360 facebook App. Microsoft decided that this Office365 facebook app is NOT under their Microsoft Online Services bug bounty scope although we proved that our discovered bug can result in stealing Microsoft Office facebook App Access Token and that’s due to a misconfiguration in Microsoft Office Facebook App itself.

Continue reading “Hijacking User’s Private Information access_token from Microsoft Office360 facebook App”

Share

The 2.5mins or 2.5k$ hawk-eye bug – A Facebook Pages Admins Disclosure Vulnerability!

Hi Guys, How are you doing? Well i’ll consider and hope the answer is “Fine”… Today i will show you a bug i found in Facebook without even using any kind of testing tools BUT those kind of bugs requires what’s more than tools, it requires a hawk-eye, A platform-aware bug hunter mentality, a poet and an awesome morning cup of coffee, So don’t expect to gain technical skills from this blog post, only some pro tips and hunting mentality experience!

This is merely the second time i’m sending a report to Facebook Security Team without writing a piece of code!

Continue reading “The 2.5mins or 2.5k$ hawk-eye bug – A Facebook Pages Admins Disclosure Vulnerability!”

Share

The Fuzz…The Bug..The Action – A Race Condition bug in Facebook Chat Groups leads to spy on conversations!

Hi Folks, Long time no see, it’s Seif Elsallamy, Remember me ? if not 🙁 you may go through my previous blogs Stored XSS in the heart of the Russian email provider giant (Mail.ru)  ,  Rolling around and Bypassing Facebook’s Linkshim protection on iOS

Today I’m gonna show you a race condition bug which i recently fall in love with those kind of vulnerabilities especially in when it comes to Facebook also i want to mention that this bug is super simple to understand It’s not complicated, the only complicated part is how to test and finding it.

Continue reading “The Fuzz…The Bug..The Action – A Race Condition bug in Facebook Chat Groups leads to spy on conversations!”

Share

Rolling around and Bypassing Facebook’s Linkshim protection on iOS

نتيجة بحث الصور عن ‪facebook‬‏

Supp!, How are you guys! I hope you’re fine, I’m Seif Elsallamy (again) if you don’t remember me read my previous blog here: Stored XSS in the heart of the Russian email provider giant (Mail.ru)

Before we go in depth, lets know What is Linkshim ?

Continue reading “Rolling around and Bypassing Facebook’s Linkshim protection on iOS”

Share

Let’s steal some tokens!

 

Hey There, How you doing?

Good? Cool!

In this blog post I will be talking about my experience with minor bugs chained together to steal sensitive tokens.

#1. Stealing CSRF tokens through Google Analytics.

While randomly testing things on apps.shopify.com, I landed at some random app page and hit the Write a review button, I wasn’t logged in so I was redirected to the login page and after logging in I was redirected to the application page again. Ok, that’s normal. However, what wasn’t normal is that the URL I got redirected to contained this GET parameter authenticity_token=[CSRF_TOKEN].

Continue reading “Let’s steal some tokens!”

Share

Facebook Vulnerability – a “Cute Bug” that reveals the “likes” of deleted posts regardless of their privacy settings

facebook-content-banner-2
Hi Folks,
My name is Mohamed Abdel Aty, an Egyptian Web Developer & Bug Hunter, Today I would like to share with you a “cute” bug I found while doing some bug hunting in Facebook.

Testing different sub-domains is a common procedure in bug hunting , while searching the domain “mbasic.facebook.com” I noticed this link

Continue reading “Facebook Vulnerability – a “Cute Bug” that reveals the “likes” of deleted posts regardless of their privacy settings”

Share

Facebook movies recommendation vulnerability – A bug capable of erasing all your important notifications!


Hi Folks,

Facebook is the largest social network ever known on the internet, People are using Facebook for contacting friends, Family and sometimes for Work!

When it comes to Work that means an important notifications from your company’s page, work account, work admins, business accounts, etc…

Continue reading “Facebook movies recommendation vulnerability – A bug capable of erasing all your important notifications!”

Share

Facebook ClickJacking – How we put a new dress on Facebook UI

facebook-banner

Hi Bug Hunters,

Today we will explain how we redressed facebook ui and made it so easy to fool a victim to for example, Add the attacker as a member in one of his own secret groups on facebook.

Here’s some details about the issue:

Share