ysamm.com

Bug bounty write-ups

Latest posts

Last updated over 2 years ago

Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation

over 2 years ago

This bug could allow a malicious actor to take over Facebook/Meta accounts if...

DOM-XSS in Instant Games due to improper verification of supplied URLs

over 2 years ago

This bug could allow a malicious actor to take over Facebook (and...

Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing

over 2 years ago

A malicious actor could steal a first-party access token of the Oculus...

Multiple bugs chained to takeover Facebook Accounts which uses Gmail.

about 3 years ago

Description: This bug could allow a malicious actor to take over a Facebook...

More secure Facebook Canvas Part 2: More Account Takeovers

over 3 years ago

Summary: After publishing the write-ups about the bugs I previously found in...

Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts

over 3 years ago

Description: These bugs could allow malicious actors who own Android Applications installed...

More secure Facebook Canvas : Tale of $126k worth of bugs that lead to Facebook Account Takeovers

almost 4 years ago

Summary: Facebook allowed online games owners to host their games/applications in apps.facebook.com...

Oversightboard.com site-wide CSRF due to missing checking

almost 4 years ago

Description: This bug could allow an attacker to force a user in...

Disclose unconfirmed email/phone of a Facebook user

almost 4 years ago

Description: This bug could have allowed an attacker to target Facebook users...

Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps

about 4 years ago

Description: This bug allows an attacker to manipulate the callback endpoint that...