PinnedGtm MänôzinPenTester NepalTwo Factor Authentication Bypass On FacebookSummary: I discovered the lack of rate-limiting issue in instagram which could have allowed an attacker to bypass two factor authentication…Jan 20, 20237Jan 20, 20237
Gtm MänôzDisclose the email address and phone number of chinese business resellerThere is a XController that shows the resellerInfoSpecMap of a Chinese business reseller. The resellerInfoSpecMap contains email address…Jul 111Jul 111
Gtm MänôzUnauthorized access to Facebook creator’s professional dashboardJust after returning home from Bounty Con Singapore, I had to fly India in Mid-Oct 2022 for some family reasons. While staying there, my…Mar 5Mar 5
Gtm MänôzDisclose assigned apps of any facebook userThere is a GraphQL query named AccountQualityDataSourceCardWrapperRootQuery that fetches the data sources of any facebook business account…Feb 22Feb 22
Gtm MänôzPage admin disclosure via facebook profile link embedded in instagramOct 6, 20231Oct 6, 20231
Gtm MänôzDisclose the commerce creation ad permissions of creator’s (ig_user)Sep 12, 2023Sep 12, 2023
Gtm MänôzinPenTester NepalDisclosing assigned users of any facebook applications connected to business accountDuring the Mid-April 2021, I found a very new looking UI of Facebook Business Suite in one of my test facebook account. So, within a second…Apr 7, 2023Apr 7, 2023
