Loading...

XSS and LFI in Facebook for Android

In Summary : Whilst working on the Facebook Bug Bounty Program in June 2018 we had identified an issue with the webview component used in ...

In Summary :

Whilst working on the Facebook Bug Bounty Program in June 2018 we had identified an issue with the webview component used in the Facebook for Android application. The vulnerability would allow an attacker to execute arbitrary javascript within the Android application by just clicking a single link.
I was able to execute this at 3 different end points before we concluded the issue was primarily with the webview component rather than just the reported end points themselve. After going back and forth with the Facebook security team they quickly patched the issue and I was rewarded with $8500 under their Bug Bounty Program. [...]

kindly refer the following link as follow up :
https://ift.tt/2x2Ldfk


Post a Comment

emo-but-icon

Home item

ADS

Popular Posts

Random Posts

Flickr Photo

StatCounter

View My Stats