Network inspector access code hack
4/30/2023

Disclosure Timeline
Feb 22nd, 2016: Report sent to Facebook team.
Feb 23rd, 2016: Verified the fix from my end.

Vulnerable request
Brute forcing the “n” successfully allowed me to set a new password for any Facebook user.

A proof of concept video of the hack
As you can see in the video, I was able to set a new password for the user by brute forcing the code which was sent to their email address and phone number. I could then use this same password to log into my own hacked account. I tried to take over my own account (as per Facebook’s policy, you should not do any harm to any other users’ accounts) and was successful in setting a new password for my account.

Interestingly, rate limiting was missing from the forgot password endpoint. Then I looked out for the same issue on and. I tried to brute force the 6 digit code on and was blocked after 10–12 invalid attempts.

Facebook will then send a 6 digit code to this phone number or email address which the user has to enter in order to set a new password. Whenever a user forgets their password on Facebook, they have an option to reset the password by entering their phone number and email address on.

I was able to view messages, their credit/debit cards stored under their payment section, personal photos, and other private information.

Facebook acknowledged the issue promptly, fixed it, and rewarded me with a US $15,000 bounty based on the severity and impact of this vulnerability.

This gave me full access to other users’ accounts by setting a new password.
This post is about a simple vulnerability I discovered on Facebook which I could have used to hack into other users’ Facebook accounts easily and without any user interaction. I am publishing this with the permission of Facebook under the responsible disclosure policy.

By AppSecure
I figured out a way to hack any of Facebook’s 2 billion accounts, and they paid me a $15,000 bounty for it
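
A server-side check for the gap the post describes, as an added example that is not code from the original post or from Facebook: the failed-attempt counter is stored with the reset code itself, so the cap applies at every endpoint that accepts the code. `ResetCodeStore`, `MAX_ATTEMPTS` and `CODE_TTL_SECONDS` are hypothetical names and values chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 10        # assumed cap on wrong guesses per issued code
CODE_TTL_SECONDS = 600   # assumed lifetime of a reset code


class ResetCodeStore:
    """In-memory stand-in for a store shared by every endpoint that accepts the code."""

    def __init__(self, clock=time.time):
        self._entries = {}   # account_id -> {"code", "expires", "failures"}
        self._clock = clock

    def issue(self, account_id):
        """Create a fresh 6-digit code; any earlier code and its counter are replaced."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._entries[account_id] = {
            "code": code,
            "expires": self._clock() + CODE_TTL_SECONDS,
            "failures": 0,
        }
        return code

    def verify(self, account_id, submitted):
        """Return 'ok', 'wrong', 'locked', 'expired' or 'no_code'."""
        entry = self._entries.get(account_id)
        if entry is None:
            return "no_code"
        if self._clock() > entry["expires"]:
            del self._entries[account_id]
            return "expired"
        # Constant-time comparison of the stored and submitted codes.
        if hmac.compare_digest(entry["code"].encode(), submitted.encode()):
            del self._entries[account_id]      # single use
            return "ok"
        entry["failures"] += 1
        if entry["failures"] >= MAX_ATTEMPTS:
            del self._entries[account_id]      # code is dead; a new one must be issued
            return "locked"
        return "wrong"
```

With the cap at 10, a guesser has at most a 10 in 1,000,000 chance against one issued code. Issuing codes needs its own per-account limit, since each new code starts a fresh counter.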