0
9/10
vulnerability
A critical XSS vulnerability on Facebook's CDN was exploited by encoding malicious JavaScript into PNG IDAT chunks, uploading the image as an advertisement, and then having it served with an .html extension to trigger HTML interpretation via MIME sniffing. The attacker leveraged document.domain to access the fb_dtsg CSRF token from www.facebook.com and bypass LinkShim protections.
xss
content-type-sniffing
cdn-security
png-exploitation
idat-chunk
deflate-compression
mime-type-bypass
csrf-token-extraction
document-domain
link-shim-bypass
facebook
akamai
image-upload
payload-encoding
Facebook
Akamai
akamaihd.net
fbcdn.net
photo.facebook.com
fnt.pe
phwd
0
6/10
bug-bounty
An XSS vulnerability in a dynamically generated JavaScript file endpoint that accepts unsanitized user input via a callback parameter and lacks proper content-type headers, allowing injection of arbitrary JavaScript code that executes in the context of the target domain.
xss
cross-site-scripting
javascript-injection
parameter-pollution
dynamic-js-generation
content-type-sniffing
same-origin-policy-bypass
ajax-injection
burp-suite
parameter-discovery
Arbaz Hussain
parameth
Hurricane Labs
Google Gruyere