Tuesday, May 17, 2016

How I bypassed Facebook CSRF once again!


9:52 AM






I found a vulnerability in Facebook that allowed me to send a POST request with a CSRF token to any Facebook endpoint or external host!

It was very similar to this bug which I found in 2015.



Thursday, April 9, 2015

How I bypassed Facebook CSRF Protection


2:35 AM







I discovered a critical vulnerability in Facebook that allowed an attacker to bypass Facebook CSRF protection!

More information about CSRF is available at OWASP.


Sunday, March 15, 2015

Bypass ads account's roles vulnerability 2015


2:04 PM







I discovered a vulnerability in Facebook that allowed a normal user in an ad account to get unauthorized admin access to that ad account.

Admins of an ad account can add any user to their ad account with one of these 3 types of role:

  1. admin
  2. advertiser
  3. analyst

Read more about these roles: link
