bug-bounty448
google354
microsoft311
facebook262
xss238
apple179
malware174
rce149
exploit124
bragging-post101
cve99
account-takeover93
phishing83
csrf79
privilege-escalation77
supply-chain65
stored-xss65
authentication-bypass63
dos60
browser57
reflected-xss57
react50
cloudflare49
cross-site-scripting48
reverse-engineering48
input-validation48
access-control47
aws45
docker45
smart-contract45
node44
sql-injection43
ethereum43
web343
defi42
web-security42
web-application41
ssrf38
burp-suite35
idor34
vulnerability-disclosure34
info-disclosure33
race-condition33
html-injection33
cloud32
writeup32
oauth32
buffer-overflow32
smart-contract-vulnerability32
information-disclosure30
0
9/10
vulnerability
A critical XSS vulnerability on Facebook's CDN was achieved by encoding malicious JavaScript into PNG IDAT chunks, uploading the image as an advertisement, then serving it with an .html extension to trigger HTML interpretation via MIME sniffing. The attacker leveraged document.domain to access the fb_dtsg CSRF token from www.facebook.com and bypass LinkShim protections.
xss
content-type-sniffing
cdn-security
png-exploitation
idat-chunk
deflate-compression
mime-type-bypass
csrf-token-extraction
document-domain
link-shim-bypass
facebook
akamai
image-upload
payload-encoding
Facebook
Akamai
akamaihd.net
fbcdn.net
photo.facebook.com
fnt.pe
phwd
0
7/10
bug-bounty
A reflected XSS vulnerability in an OAuth2 redirect_uri parameter was escalated from simple alert injection to account takeover by extracting CSRF tokens from meta tags and automating admin user creation without authentication. The writeup demonstrates a practical methodology for showing XSS impact through functional exploitation rather than simple proof-of-concept.
reflected-xss
account-takeover
csrf-token-extraction
privilege-escalation
oauth2
javascript-protocol
admin-creation
impact-escalation
hackerone
bug-bounty-methodology
HackerOne
XMLHttpRequest
FormData