价值$5000美金的Facebook封闭小组成员列表泄漏漏洞
根据https://www.facebook.com/help/220336891328465所写,只有当前成员可以看到封闭小组的成员列表。
Recent Posts
Hacking Facebook the Hard Way
Join Unofficial Facebook Bug Bounty Group https://www.facebook.com/groups/bugbountygroup/
Facebook Bug Bounty: Change product availability as an analyst in a linked group
Description This bug could have let a malicious page analyst modify the availability of an item put up for sale by the page in a group linked to the page.
Facebook Bug Bounty: A page analyst could add themselves as the moderator on a group
Description There is a call to add member as the moderator on a group. The call at the time didn’t seem to have any authorisation checks to page roles. A pag...
Abusing JSONP to grab user credentials
I find that a company implements cross-domain authentication using JSONP and cookies.There is the login flow: ``` GET /api/cross/getsign?callback=test HTTP/1...