PinnedGtm MänôzinPenTester NepalTwo Factor Authentication Bypass On FacebookSummary: I discovered the lack of rate-limiting issue in instagram which could have allowed an attacker to bypass two factor authentication…5 min read·Jan 20, 2023--7--7
Gtm MänôzUnauthorized access to Facebook creator’s professional dashboardJust after returning home from Bounty Con Singapore, I had to fly India in Mid-Oct 2022 for some family reasons. While staying there, my…2 min read·Mar 5, 2024----
Gtm MänôzDisclose assigned apps of any facebook userThere is a GraphQL query named AccountQualityDataSourceCardWrapperRootQuery that fetches the data sources of any facebook business account…1 min read·Feb 22, 2024----
Gtm MänôzPage admin disclosure via facebook profile link embedded in instagram2 min read·Oct 6, 2023--1--1
Gtm MänôzDisclose the commerce creation ad permissions of creator’s (ig_user)1 min read·Sep 12, 2023----
Gtm MänôzinPenTester NepalDisclosing assigned users of any facebook applications connected to business accountDuring the Mid-April 2021, I found a very new looking UI of Facebook Business Suite in one of my test facebook account. So, within a second…2 min read·Apr 7, 2023----