oculus

3 articles
sort: new top best
clear filter
bug-bounty458 google364 microsoft314 facebook272 xss250 apple179 malware176 rce165 exploit141 cve111 account-takeover104 bragging-post101 phishing84 privilege-escalation81 csrf81 supply-chain68 stored-xss65 authentication-bypass63 dos63 browser62 reflected-xss57 react54 cloudflare51 reverse-engineering49 cross-site-scripting48 input-validation48 aws48 docker47 node47 access-control47 smart-contract45 web343 ethereum43 sql-injection43 web-security42 ssrf42 defi42 web-application41 oauth37 writeup37 race-condition36 burp-suite35 vulnerability-disclosure34 info-disclosure34 idor34 html-injection33 cloud33 auth-bypass33 lfi32 smart-contract-vulnerability32
0 5/10
Oculus Identity Verification bypass through Brute Force
vulnerability

A brute-force attack vulnerability was discovered in Oculus identity verification during username changes, where the lack of rate limiting allowed an attacker to enumerate 6-digit OTP codes and distinguish valid codes from invalid ones by analyzing response length differences (840 bytes for valid, 1152 for invalid).

brute-force-attack rate-limit-bypass otp-bypass identity-verification authentication-bypass oculus meta burp-suite response-length-analysis
Oculus Facebook Karthik Kumar Reddy Gmail Burp Suite
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details
0 8/10
Step by Step Exploiting SQLI in Oculus
vulnerability

Detailed walkthrough of exploiting blind SQL injection in Oculus' developer portal by bypassing multiple filters (no whitespace, no commas) using comment syntax and MySQL alternative function syntax, ultimately extracting admin session tokens and gaining administrative access.

sql-injection blind-sql-injection mysql web-application authentication-bypass session-hijacking oculus facebook burp-suite intruder bypass-techniques information-schema prepared-statements
Oculus Facebook Josip Franjković Jon (Bitquark) developer.oculusvr.com CompanyAction.php PHPSESSID MySQL
josipfranjkovic.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details
0 9/10
Hacking facebook oculus integration CSRF
bug-bounty

A chained CSRF vulnerability in Oculus-Facebook account linking allowed attackers to connect victims' Facebook accounts to attacker-controlled Oculus accounts, extract first-party Facebook access tokens via GraphQL queries, and achieve complete account takeover including password reset. The vulnerability required multiple fixes after initial attempts could be bypassed using a second CSRF on the Oculus login flow.

csrf account-takeover oauth facebook oculus graphql authentication-bypass token-extraction sso windows-application bug-bounty
Josip Franjković Facebook Oculus graph.oculus.com graph.facebook.com auth.oculus.com
josipfranjkovic.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details