6/10
Facebook's AJAX endpoint (/ajax/home/generic.php) was served without X-Frame-Options headers, leaving it vulnerable to clickjacking: attackers could load it in an iframe and redress the UI to trick victims into adding attackers to secret groups or performing other unintended actions via form submission.
clickjacking
ui-redressing
x-frame-options
csrf
facebook
csrf-attack
iframe-injection
web-vulnerability
social-engineering
Facebook
Mohamed A. Baset
Seekurity