XSS and LFI in Facebook for Android
https://updatesinfosec.blogspot.com/2018/09/xss-and-lfi-in-facebook-for-android.html
In summary:
Whilst working on the Facebook Bug Bounty Program in June 2018, we identified an issue with the WebView component used in the Facebook for Android application. The vulnerability would allow an attacker to execute arbitrary JavaScript within the Android application by just clicking a single link.
I was able to execute this at 3 different endpoints before we concluded the issue was primarily with the WebView component rather than just the reported endpoints themselves. After going back and forth with the Facebook security team, they quickly patched the issue and I was rewarded with $8500 under their Bug Bounty Program. [...]
Kindly refer to the following link as a follow-up:
https://ift.tt/2x2Ldfk
