bug-bounty488
google318
xss283
microsoft259
facebook226
rce175
apple153
exploit147
malware112
account-takeover109
bragging-post102
cve92
csrf85
privilege-escalation81
authentication-bypass66
stored-xss65
writeup63
phishing60
dos57
browser57
reflected-xss57
ssrf52
react51
access-control51
input-validation49
cross-site-scripting48
supply-chain48
aws47
cloudflare47
node46
smart-contract45
sql-injection45
ethereum44
docker44
defi43
web-application43
web-security43
reverse-engineering42
oauth42
web340
lfi37
burp-suite36
idor36
vulnerability-disclosure35
race-condition33
html-injection33
smart-contract-vulnerability32
csp-bypass32
clickjacking31
information-disclosure31
0
7/10
bug-bounty
A critical CSRF bypass vulnerability in Facebook's ads management interface where the fb_dtsg token validation could be circumvented by manipulating the show_dialog_uri parameter and using double-encoding (%253F) to bypass the initial fix, allowing arbitrary account modifications like email changes and security setting alterations without proper CSRF protection.
csrf
csrf-bypass
facebook
token-bypass
parameter-manipulation
url-manipulation
double-encoding
account-takeover
authentication-bypass
bug-bounty
Facebook
Pouya
OWASP
0
5/10
vulnerability
A stored XSS vulnerability was discovered in Google Custom Search Engine's promotion URL feature, where javascript: protocol handlers were not filtered, allowing attackers to inject malicious URLs that execute when victims click promoted results.
Google Custom Search Engine
cse.google.com
Sreeram
thesecurityexperts.wordpress.com
·
devanshbatham/Awesome-Bugbounty-Writeups
·
22 hours ago
·
details