corrupted-brain/Facebook-Bug-Bounty-Writeups:

🛡️ Facebook Bug Bounty Writeups Collection ✍️

💖 A curated list of Facebook bug bounty writeups by various security researchers.🌙

`You can contribute to this collection by submitting your own writeup or any others you know of, written in clear and concise English. Your contributions will help others learn from your experiences and improve the security of Facebook's platform.`

Account Takeovers
Remove Code Execution
Two-Factor Authentication Bypass
Cross-Site Scripting
Cross-Site Request Forgery
Server-Side Request Forgery
Logic Vulnerabilities
Race Conditions
Rate Limits
Open Redirects
Clickjacking
Insecure Direct Object Reference
Privacy/spam
Page Roles
Facebook Ads
Facebook Groups
Phone Numbers
Email Address
BIP Address
Symlink Attack
Accellion’s Secure File Transfer
XXE
LFI
SQL Injection
Jenkins
API
GraphQL
FQL
Logic Nonces
OAuth
Instagram
Signal
Slingshot
Messenger Android
Moments
Moves
WhatsApp
Workplace
Whitehat Test Accounts
Facebook Events
DoS Attack
Facebook/Instagram Mobile App
Extra resources
Thanks

Account Takeovers

Remote Code Execution

2FA Bypass

XSS

CSRF

SSRF

$10000 Facebook SSRF (Bug Bounty)

Logic

Race conditions

Rate Limits

Open Redirect ($500+)

Clickjacking

Insecure Direct Object Reference (IDOR)

Privacy/Spam

Page Roles

Facebook Ads

Facebook Groups

Phone number

Email address

XXE

LFI

Facebook Web Security Bug Bounty: Directory Traversal Vulnerability / RCE In Parse.com

SQLI

Jenkins

How i hacked facebook jenkins vuln

API

GraphQL

FQL

Login Nonces

Stealing messengerlogin nonces

OAuth (AKA Stealing Access Tokens)

Instagram

Signal

Getting facebook signal app access token

Slingshot

Add any facebook user non friend to slingshot without knowing the username

Messenger Android

Moments

Moves

OAuth Cross-Site Scripting vulnerability in Facebook's Moves app

Workplace

Whitehat Test Accounts

Facebook Event

Irremovable Guest in Facebook Event (Facebook Bug Bounty)

Facebook Business Page

Hacking Facebook Invoice: How I Could've Bought Anything for Free from Facebook Business Pages

DOS Attack

Remotely Permanent Crash Any Instagram

Facebook/Instagram Mobile App

Some of the extra resources that you may want to look at !!

Thanks

Special Thanks to :-

@pwnwriter
@phwd
Jaiswalakansh
Facebook BugBounty Group,
and all the contributors

Facebook-Bug-Bounty-Writeups Facebook-Bug-Bounty-Writeups copied to clipboard

Metadata

🛡️ Facebook Bug Bounty Writeups Collection ✍️

💖 A curated list of Facebook bug bounty writeups by various security researchers.🌙

You can contribute to this collection by submitting your own writeup or any others you know of, written in clear and concise English. Your contributions will help others learn from your experiences and improve the security of Facebook's platform.

Table of Contents

Account Takeovers

Remote Code Execution

2FA Bypass

XSS

CSRF

SSRF

Logic

Race conditions

Rate Limits

Open Redirect ($500+)

Clickjacking

Insecure Direct Object Reference (IDOR)

Privacy/Spam

Page Roles

Facebook Ads

Facebook Groups

Phone number

Email address

BIP address

Symlink Attack

Accellion’s Secure File Transfer

XXE

LFI

SQLI

Jenkins

API

GraphQL

FQL

Login Nonces

OAuth (AKA Stealing Access Tokens)

Instagram

Signal

Slingshot

Messenger Android

Moments

Moves

Whatsapp

Workplace

Whitehat Test Accounts

Facebook Event

Facebook Business Page

DOS Attack

Facebook/Instagram Mobile App

Some of the extra resources that you may want to look at !!

Thanks

← Metadata

Owner

Metadata

Facebook-Bug-Bounty-Writeups
Facebook-Bug-Bounty-Writeups copied to clipboard

`You can contribute to this collection by submitting your own writeup or any others you know of, written in clear and concise English. Your contributions will help others learn from your experiences and improve the security of Facebook's platform.`