Pinned. Published in PenTester Nepal
Two Factor Authentication Bypass On Facebook
Summary: I discovered the lack of rate-limiting issue in Instagram which could have allowed an attacker to bypass two factor authentication…
Jan 20, 2023

Exposing Facebook’s Hidden Goldmine: Creators’ Private Data at Risk
This bug revealed sensitive data such as email addresses, phone numbers, birthdays, associated pages and apps, banking details and many…
Dec 17, 2024

Disclose the email address and phone number of chinese business reseller
There is an XController that shows the resellerInfoSpecMap of a Chinese business reseller. The resellerInfoSpecMap contains email address…
Jul 11, 2024

Unauthorized access to Facebook creator’s professional dashboard
Just after returning home from Bounty Con Singapore, I had to fly to India in mid-Oct 2022 for some family reasons. While staying there, my…
Mar 5, 2024

Disclose assigned apps of any facebook user
There is a GraphQL query named AccountQualityDataSourceCardWrapperRootQuery that fetches the data sources of any Facebook business account…
Feb 22, 2024

Published in PenTester Nepal
Disclosing assigned users of any facebook applications connected to business account
During mid-April 2021, I found a very new looking UI of Facebook Business Suite in one of my test Facebook accounts. So, within a second…
Apr 7, 2023