Hi Folks, Long time no see, it’s Seif Elsallamy, Remember me ? if not 🙁 you may go through my previous blogs Stored XSS in the heart of the Russian email provider giant (Mail.ru) , Rolling around and Bypassing Facebook’s Linkshim protection on iOS
Today I’m gonna show you a race condition bug which i recently fall in love with those kind of vulnerabilities especially in when it comes to Facebook also i want to mention that this bug is super simple to understand It’s not complicated, the only complicated part is how to test and finding it.
Continue reading “The Fuzz…The Bug..The Action – A Race Condition bug in Facebook Chat Groups leads to spy on conversations!”
Welcome back again, This is Ali Kabeel in case you don’t remember me read my first blog about Abusing invitations systems.
In this blog we will be continuing our talk about Business logic bugs and how dangerous and simple they can become, I will be showing you one of the simplest yet the most dangerous bugs I have found in the gigantic photo sharing app Instagram but first lets get an overview of some concepts and general knowledge.
Continue reading “Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!”
Supp!, How are you guys! I hope you’re fine, I’m Seif Elsallamy (again) if you don’t remember me read my previous blog here: Stored XSS in the heart of the Russian email provider giant (Mail.ru)
Before we go in depth, lets know What is Linkshim ?
Continue reading “Rolling around and Bypassing Facebook’s Linkshim protection on iOS”
I am Ali Kabeel an Application Security Intern at Seekurity team. This is my first blog i hope you like it. In this blog post I will be mainly focusing on Business Logic vulnerabilities by offering some tips and tricks on how to abuse invitation systems using real-world examples from my Facebook Bug Bounty experience but first let’s get a general knowledge about some concepts.
Continue reading “Business Logic Vulnerabilities Series: A brief on Abusing Invitation Systems”