bug-bounty457
google360
microsoft310
facebook264
xss250
apple176
malware175
rce165
exploit140
cve111
account-takeover104
bragging-post102
phishing84
privilege-escalation82
csrf81
supply-chain68
stored-xss65
authentication-bypass64
dos62
browser60
reflected-xss57
react52
cloudflare50
reverse-engineering49
access-control48
input-validation48
cross-site-scripting48
aws47
node46
docker46
smart-contract45
ethereum44
sql-injection43
defi43
web-security43
ssrf42
web342
web-application41
writeup37
oauth37
race-condition36
burp-suite35
info-disclosure34
idor34
vulnerability-disclosure34
auth-bypass33
cloud33
html-injection33
buffer-overflow32
smart-contract-vulnerability32
0
7/10
vulnerability
A CSRF vulnerability in Facebook's OAuth Device Login flow allowed attackers to steal user access tokens by exploiting the lack of state parameter protection during the device code verification step. The attack required the victim to have approved an application with device login enabled, making it a conditional but potentially high-impact vulnerability.
Facebook
Josip Franjković
graph.facebook.com
m.facebook.com