Posts

Featured post

$1337 YouTube Community (Posts) bug

Recent posts

Instagram Reels bug $$$$ Bug Bounty : Making users share unintended reels

This bug is categorised as IDOR. We all share Instagram reels with our friends via DM. Did you ever try "Copy link" and share on mediums like WhatsApp or any similar apps? When you do that, the generated link would be of the below URL: https://www.instagram.com/reels/<REEL_ID>?igsh=<Encrypted> The igsh in the query params of the URL is an encrypted string that would get decrypted on the Instagram servers to the User's Profile ID. Clicking on the link opens the Instagram App and plays the reel, and then it is interrupted by a popup like the one in the screenshot below. The Attack... Crafting the URL ... If you replace the <REEL_ID> (what the user intended to share) with a <Graphically_Sensitive_Content_REEL_ID> in the link and send it to users, whenever any user opens the link, it would show graphically sensitive content and then a popup of the victim's profile, though they didn't intend to share it. Report timeline...

Tales of Failed Bug Bounty reports for Facebook

The number of users going into the year-wise White hat thanks list has significantly reduced, if you check. You can find me four times in that list. There has been a check: if it's an unlikely / rare scenario, they just close the report and only say thanks for spending time. (Image generated using Microsoft's Copilot.) Bug 1: Auth Bypass: This is my first Auth Bypass, and I was very excited to report it, aiming for $20,000 as a reward. A very interesting bug, as Auth Bypass always ranks at the top in the OWASP. I captured a vulnerable HTTP Request from https://business.facebook.com . It can be replayed any number of times for at most 2 hours, after the Victim has changed his password. The report is closed because of the time-out of the session. The attack has gone in vain. Bug 2: Disclosing if a user had been a member of a Facebook group in the past or has an active invitation. For this exploitation, the Attacker requires User ID and ...

Facebook Bug Bounty : A normal user can mark his Order as Paid

I was actually willing to see my name in this Page of the year 2022. I thought I would miss but anyway I made it at the end of the year by finding this interesting security bug. So, this bug is found in the Facebook Commerce Page. First, the Page admin creates an Order in the Page Inbox for a user, and that sends the order to the User. The Paid checkbox can only be seen ticked when the Admin marks the Order as paid, and the User has no way to hack it. The user can mark only Received but he cannot mark Paid or Dispatched; only the Page admin has the access to do it. So after the admin has marked the order as paid, the user will get the option to mark the order as Received or Dispatched. The HTTP Request while marking the order as RECEIVED would be  I observed that the variable parameter in the message body has mark_as_received. What if I replace the received with paid? I created a new order and did that. BOOM! The order is marked as paid in the Page Admin's Inbox...

Facebook Bug Bounty: Facebook group : users can send Join Requests after the Group Admin declined the Request to join

Group Admin invites the User with a link. The User opens the discussion page and sees the Join Group button. The user will request to join the group and his request will be declined. After the user reloads the page, he'll be shown a No Content page. But the user can send a request to join from the Discussion page.

$$$ Facebook Page Crossposting Videos Bug Bounty

Page editor cannot see the crossposting Page in the Page Settings. But he can use an HTTP POST Request to send an invitation