-
[Bugbounty Study] #Facebook
Study/Bugbounty Study | 2020. 12. 17. 22:41
I could not find out how much bounty was paid for this vulnerability.
medium.com/@amineaboud/story-of-a-weird-vulnerability-i-found-on-facebook-fc0875eb5125
Story of a weird vulnerability I found on Facebook. Bug Bounty: Leak of internal Facebook documents (medium.com)
While looking through several subdomains, an interesting subdomain used for "legal need" was found. (Servers used for "legal need" generally contain important data.) https://legal.tapprd.thefacebook.com/ Therefore, through Googling, endpoints containing that URL ..
-
[Bugbounty Study] #Facebook _ CSRF
Study/Bugbounty Study | 2020. 4. 13. 23:48
# Facebook CSRF (Instagram Partial Account Takeover) _ $12,500
https://ysamm.com/?p=379
Facebook CSRF bug which lead to Instagram Partial account takeover. – Bug bounty write-ups
Description: This bug could allow an attacker to link victim’s Instagram account to his Facebook page and then have full control of The Instagram account by just making the victim visit a malicious website and without th..