9/10
vulnerability
A critical XSS vulnerability on Facebook's CDN was exploited by encoding malicious JavaScript into PNG IDAT chunks, uploading the image as an advertisement, and then serving it with an .html extension so that MIME sniffing caused it to be interpreted as HTML. The attacker leveraged document.domain to access the fb_dtsg CSRF token from www.facebook.com and bypass LinkShim protections.
xss
content-type-sniffing
cdn-security
png-exploitation
idat-chunk
deflate-compression
mime-type-bypass
csrf-token-extraction
document-domain
link-shim-bypass
facebook
akamai
image-upload
payload-encoding
Facebook
Akamai
akamaihd.net
fbcdn.net
photo.facebook.com
fnt.pe
phwd