| 1. | | Instagram account takeover via React debug.keystore (vulnano.com) |
| 2 points by phwd on July 19, 2022 | past |
|
| 2. | | HackerOne takes $25,000 from Belarusian hacker in response to sanctions (twitter.com/xnwup) |
| 15 points by phwd on March 13, 2022 | past | 10 comments |
|
| 3. | | Facebook SSRF (philippeharewood.com) |
| 2 points by phwd on July 30, 2021 | past |
|
| 4. | | Coding Exercises Exposed at Facebookrecruiting.com (philippeharewood.com) |
| 1 point by phwd on July 26, 2021 | past |
|
| 5. | | Bulletin.com Email Address Leak (philippeharewood.com) |
| 1 point by phwd on July 21, 2021 | past |
|
| 6. | | Facebook’s /intern/testdata tool: default password n0t3st (philippeharewood.com) |
| 1 point by phwd on June 7, 2021 | past |
|
| 7. | | Download Facebook internal mobile builds (philippeharewood.com) |
| 1 point by phwd on April 26, 2021 | past |
|
| 8. | | Leaked Credentials gives access to internalfb.com (philippeharewood.com) |
| 3 points by phwd on March 11, 2021 | past |
|
| 9. | | Instagram Terms of Use (2018 vs. 2020) (github.com/phwd) |
| 3 points by phwd on Dec 20, 2020 | past |
|
| 10. | | Facebook Remote Code Execution via CDN ($80k Bounty) (facebook.com) |
| 1 point by phwd on Nov 19, 2020 | past |
|
| 11. | | Facebook DOM Based XSS Using PostMessage (ysamm.com) |
| 1 point by phwd on Nov 7, 2020 | past |
|
| 12. | | $25K Instagram Almost XSS Filter Link (medium.com/alonnsoandres) |
| 3 points by phwd on Sept 20, 2020 | past |
|
| 13. | | I Hacked Facebook Again Unauthenticated RCE on MobileIron MDM (blog.orange.tw) |
| 2 points by phwd on Sept 12, 2020 | past |
|
| 14. | | Subscribe to typing notifications for any Instagram user (philippeharewood.com) |
| 1 point by phwd on Dec 6, 2019 | past |
|
| 15. | | HTTP Request Smuggling: How Did Tons of People Like Me on Tinder? (mustafairan.wordpress.com) |
| 3 points by phwd on Nov 24, 2019 | past |
|
| 16. | | Why Do Many Russians Prefer VK to Facebook? (quora.com) |
| 2 points by phwd on Nov 23, 2019 | past |
|
| 17. | | Hack any Instagram account ($30k Bug bounty) (thezerohack.com) |
| 5 points by phwd on July 15, 2019 | past |
|
| 18. | | Denial of service in Facebook Fizz due to integer overflow (CVE-2019-3560) (lgtm.com) |
| 3 points by phwd on March 19, 2019 | past |
|
| 19. | | Changing email address on Twitter for Android unsets “Protect your Tweets” (hackerone.com) |
| 9 points by phwd on Jan 19, 2019 | past | 1 comment |
|
| 20. | | Facebook Business Takeover ($27,500 bounty) (philippeharewood.com) |
| 3 points by phwd on Oct 29, 2018 | past |
|
| 21. | | View Facebook friends for any user (philippeharewood.com) |
| 2 points by phwd on Oct 17, 2018 | past |
|
| 22. | | Facebook Broadens Bug Bounty to Help Fix Third-Party Apps (wired.com) |
| 2 points by phwd on Sept 17, 2018 | past |
|
| 23. | | Breaking the Facebook for Android Application (ash-king.co.uk) |
| 1 point by phwd on Sept 11, 2018 | past |
|
| 24. | | View Private Instagram Photos (philippeharewood.com) |
| 2 points by phwd on Aug 29, 2018 | past |
|
| 25. | | Grab Facebook’s CSRF Token Through Their “Save to Facebook” Chrome Extension (ngyikp.com) |
| 2 points by phwd on Aug 27, 2018 | past |
|
| 26. | | Remote Code Execution on a Facebook server (scrt.ch) |
| 877 points by phwd on Aug 24, 2018 | past | 192 comments |
|
| 27. | | Facebook “Client-Side” CSRF (facebook.com) |
| 2 points by phwd on May 13, 2018 | past |
|
| 28. | | Facebook GraphQL CSRF (philippeharewood.com) |
| 1 point by phwd on March 30, 2018 | past |
|
| 29. | | Data Analytics, App Developers, and Facebook’s Role in Data Misuse (stanford.edu) |
| 2 points by phwd on March 21, 2018 | past |
|
| 30. | | Stored XSS on Facebook (opnsec.com) |
| 2 points by phwd on March 18, 2018 | past |
|
|
| More |
