yaala
211 posts

yaala retweeted

Account Takeover in Facebook mobile app due to usage of cryptographically insecure random number generator and XSS in Facebook JS SDK ($66,000)
ysamm.com/uncategorized/…
yaala retweeted

“Escalating Impact: Full Account Takeover in Microsoft via XSS in Login Flow” by Asem Eleraky melotover.medium.com/escalating-imp…


@sho3hit @jobertabma Maybe you are testing with a report that doesn’t have a summary?

@jobertabma I did the same thing in the month of January, and it wasn’t there. I have logs too. So how did it come up in February?

This was a great find and had a super interesting root cause: hackerone.com/reports/3000510
yaala retweeted

Detect the NextJS middleware bypass directly in Burp Suite with this BCheck from @eternalky_u
gist.github.com/fourcube/45a78…

I'm honestly still in disbelief... grateful to receive a $100k bounty from @meta. Feels surreal. Sharing this to show that with time and dedication, it's possible. This was my first and only submission to Facebook - something I've been chasing for a decade! 🙏 Big thank you to @metabugbounty!

yaala retweeted

I recently developed and posted about a technique called "First sequence sync", expanding @albinowax's single packet attack.
This technique allowed me to send 10,000 requests in 166ms, which breaks the packet size limitation of the single packet attack.
flatt.tech/research/posts…

HackerOne disclosed a bug submitted by @sagarbhavar: hackerone.com/reports/815085 - Bounty: $3,750 #hackerone #bugbounty

yaala retweeted

According to the media, it is a "war crime" to bomb military targets in #Ukraine, but it is perfectly fine to bomb civilians in #Gaza.
If the media won’t say it, I will.
Israel is a TERRORIST state‼️
#ZionistTerror #Gaza_Genocide #IsraelGazaWar #GazaAttack #PalestineGenocide
yaala retweeted

Solved! Chrome debugger was enabled and allowed access via http://localhost:9222/json. This allowed exfiltrating data from other users whosoever was hitting this headless chrome browser - more info here - chromedevtools.github.io/devtools-proto…
Thanks everyone for the tips :)
Bhavuk Jain @bhavukjain1
Have a full read SSRF via headless chrome, can access GCP metadata but cannot escalate using the creds (highly restricted). Tried finding any internal/external subdomains (reachable via specific IP addresses) but cannot find any. Any thoughts on how this can be escalated?

When you hunt on a shopping website try this trick:
Add these items to your cart
Item 1: 50$
Item 2: 49$
Change the quantity of Item 2 to -1 (negative amount)
Subtotal: 1$
With this trick you can buy Item 1 for 1$
#bugbountytips #bugbountytip #bugbounty
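The negative-quantity trick above comes down to a checkout that trusts whatever quantity (and price) the client submits. As an added example that is not part of the tweet, the subtotal computed that way sits beside a hardened version that recomputes every line from a server-side catalog and rejects non-positive, non-integer or oversized quantities; the catalog, SKUs and `MAX_QTY` limit are constructed for the example.

```python
from decimal import Decimal

# Constructed server-side catalog: the price the client submits is never used.
CATALOG = {"item-1": Decimal("50"), "item-2": Decimal("49")}
MAX_QTY = 100  # assumed per-line limit; pick one that fits the shop


def vulnerable_subtotal(lines):
    """Sums client price * client quantity exactly as submitted.

    A quantity of -1 subtracts the line, which is the bug in the tweet.
    """
    return sum(Decimal(price) * qty for _sku, price, qty in lines)


class InvalidCart(ValueError):
    """Raised when any cart line fails server-side validation."""


def hardened_subtotal(lines):
    """Recompute the subtotal from the catalog; reject any invalid line."""
    total = Decimal(0)
    for sku, _client_price, qty in lines:
        if sku not in CATALOG:
            raise InvalidCart(f"unknown sku {sku!r}")
        # bool is a subclass of int, so exclude it explicitly; floats and
        # strings ("-1", "1e3") are rejected rather than coerced.
        if isinstance(qty, bool) or not isinstance(qty, int):
            raise InvalidCart(f"quantity for {sku!r} must be an integer")
        if not 1 <= qty <= MAX_QTY:
            raise InvalidCart(f"quantity {qty} for {sku!r} out of range")
        total += CATALOG[sku] * qty  # server price, never the client's
    return total


def check(lines):
    """Return 'accepted' or 'rejected: <reason>' for a submitted cart."""
    try:
        hardened_subtotal(lines)
        return "accepted"
    except InvalidCart as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    # The exact cart from the tweet: (sku, client price, quantity)
    cart = [("item-1", "50", 1), ("item-2", "49", -1)]
    print(vulnerable_subtotal(cart))  # 1
    print(check(cart))                # rejected: quantity -1 for 'item-2' out of range
```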

Sometimes going back to old old versions is not a waste of time.
A bug was found in 2022.
Title: From a username, all contact points associated with that account were disclosed in the invalid login error message.
youtu.be/9-FuYzhBGvo


Delete any video/Reel
Facebook paid >10000$
Bassem M bazzoun @bassemmbazzoun
A reward of 11,250$ from Facebook after reporting a security vulnerability that could allow me to delete any video or reel posted on the platform. bugreader.com/social/write-u… #cybersecurity #BugBounty #hackers #penetrationtesting #facebook #meta