bug-bounty622
facebook479
xss316
google174
microsoft120
rce102
apple72
csrf60
web355
account-takeover53
writeup51
exploit43
sqli41
dos36
ssrf34
cve33
cloudflare32
privilege-escalation29
defi28
malware27
node26
smart-contract-vulnerability25
idor25
subdomain-takeover24
clickjacking23
smart-contract23
ethereum23
access-control21
react21
vulnerability-disclosure21
reverse-engineering20
auth-bypass19
aws19
remote-code-execution18
lfi18
cloud17
docker17
cors17
oauth17
supply-chain17
race-condition17
info-disclosure16
browser14
authentication-bypass14
solidity14
phishing14
denial-of-service11
sql-injection11
delegatecall11
wordpress10
0
vulnerability
A race condition vulnerability in Facebook chat groups allows an attacker to become invisible in group conversations while maintaining full read/write access and the ability to add/remove users without triggering read receipts. By rapidly adding and removing a target user from a group conversation, an attacker can exploit timing flaws to spy on private group messages undetected.
race-condition
facebook
chat-groups
group-conversations
information-disclosure
eavesdropping
timing-attack
fuzzing
bug-bounty
responsible-disclosure
Facebook
Seif Elsallamy
Seekurity
Mail.ru
CVE-2017-17713
CVE-2017-17714
Trape
Boxug
0
A researcher discovered a local file inclusion (LFI) vulnerability on Google's production servers at springboard.google.com through directory enumeration and authorization bypass, escalating from an initial auth bypass to full LFI with admin privileges, ultimately earning a $13,337 bounty from Google's Vulnerability Reward Program.
local-file-inclusion
lfi
authorization-bypass
authentication-bypass
directory-enumeration
bug-bounty
google-vrp
subdomain-enumeration
fuzzing
production-servers
google
springboard
privilege-escalation
web-security
vulnerability-disclosure
Omar Espino
omespino
Google
springboard.google.com
cloudsearch.google.com
Google VRP
wfuzz
domained
masscan
SecLists
ESCAL8
Intigriti
HackerOne
CVE-2024-1234