Business Logic Vulnerabilities Series: Hot Fixes Getting Cold, A journey of 7 Versions/Years of a sole Facebook vulnerability!

Hi Folks, this is the third part of the "A brief on Abusing Invitation Systems" blog post. In case you have missed the previous parts of this series of write-ups, it is advised to have a sneak peek at the first and second parts before you go on with this post. Before we kick off our case study, let's get a brief overview of some technical terms first. I am Ali Kabeel, an Application Security Intern at Seekurity, and let's dive in…


Malicious ransom applications ("ransomware"): statistics, discussion, information and solutions

"Help me, all my files have been encrypted"

Almost nobody has not heard of ransomware. One in every ten people gets infected by it, and there is never a time we publish a post on Facebook without at least one comment of the kind "Help, my files got encrypted", or "Help, all my files' extensions have changed and they no longer open", or a screenshot of the desktop with every file on it altered. I am bound to find one of these comments on any post we publish, even when the post has nothing to do with anything.


When your privacy disclosure is a “feature” not a “bug” – Badoo & HotorNot failure!


Your privacy on the internet is the biggest concern there is, and when it comes to "dating websites" and "social networks" it matters even more!

Let me tell you a story of two websites that don't respect your privacy and put it in danger…


Facebook Vulnerability – a “Cute Bug” that reveals the “likes” of deleted posts regardless of their privacy settings

Hi Folks,
My name is Mohamed Abdel Aty, an Egyptian Web Developer & Bug Hunter. Today I would like to share with you a "cute" bug I found while doing some bug hunting on Facebook.

Testing different sub-domains is a common procedure in bug hunting. While searching the domain "mbasic.facebook.com", I noticed this link
