Detecting, Fixing, and Defending Against XXE Attacks in Python and Java (Jun 16, 2023)

How to Detect and Mitigate SSRF Vulnerabilities in the Early Coding Cycle: A Comprehensive Guide (Jun 11, 2023)

CSRF from which we can create a support ticket in Victim's Account ($500) (May 20, 2021)

Victim's Anti-CSRF Token could be exposed to Third-party Applications installed on user's Device… (May 20, 2021)
During my investigation, I found that a user's DTSG token can be exposed to a third-party application because of a…

Page shops with a hidden Product in "Featured product section" which could be controlled by… (Aug 31, 2020)
Product Area

[IDOR] Delete saved credit cards from any Business Manager Account (Jun 5, 2020)
Business Manager has an option to add and manage credit cards. However, this functionality is limited to authorized "Admins" of that…

Private Dashboards were accessible by other Admins in Analytics Dashboard (May 2, 2020)
Private dashboards can be accessed by other Admins, which leads to sensitive data exposure.

Whitehat test accounts can act as Hidden Admin with Business Manager / Ad Accounts (Oct 12, 2019)
Again, this will be a copy/paste of my whole report; nothing fancy, no gifs and memes in this report 😐

Bypassing fix of Domain Blocking feature in Business Manager (Aug 15, 2019)
A few months back I reported this vulnerability: "Demoted business admin could apply blocklist to all ad accounts", and FB rewarded me $500…

Business user Employees can add/edit/change or apply block list to a business account (Jun 17, 2019)
During BountyCon 2019 in Singapore, after getting multiple N/A and Informative reports, I reported this vulnerability, which was valid.