Two Factor Authentication Bypass On Facebook
Pinned. Published in PenTester Nepal.
Summary: I discovered the lack of rate-limiting issue in Instagram which could have allowed an attacker to bypass two factor authentication…
Jan 20, 2023. 7 responses.

Bypass Facebook Business Quarantine — Integrity Safeguards
In late 2022, the Meta Bug Bounty program introduced a new category focused on vulnerabilities related to business integrity safeguards.
1d ago

Exposing Facebook’s Hidden Goldmine: Creators’ Private Data at Risk
This bug revealed sensitive data such as email addresses, phone numbers, birthdays, associated pages and apps, banking details and many…
Dec 17, 2024. 2 responses.

Disclose the email address and phone number of chinese business reseller
There is an XController that shows the resellerInfoSpecMap of a Chinese business reseller. The resellerInfoSpecMap contains email address…
Jul 11, 2024. 1 response.

Unauthorized access to Facebook creator’s professional dashboard
Just after returning home from Bounty Con Singapore, I had to fly to India in mid-Oct 2022 for some family reasons. While staying there, my…
Mar 5, 2024

Disclose assigned apps of any facebook user
There is a GraphQL query named AccountQualityDataSourceCardWrapperRootQuery that fetches the data sources of any Facebook business account…
Feb 22, 2024

Page admin disclosure via facebook profile link embedded in instagram
Oct 6, 2023. 2 responses.

Disclosing assigned users of any facebook applications connected to business account
Published in PenTester Nepal.
During mid-April 2021, I found a very new looking UI of Facebook Business Suite in one of my test Facebook accounts. So, within a second…
Apr 7, 2023