Archives
- 22 Feb Access Twitter blue features using deeplink without a subscription.
- 02 Jan Instagram vulnerability : Turn off all type of message requests using deeplink (Android)
- 22 Feb Facebook android vulnerability: Launching internal/tighten deeplink onbehalf of user
- 04 Jan Facebook android webview vulnerability : Execute arbitrary javascript (xss) and load arbitrary website
- 29 Dec [IDOR] add or remove the linked publications from Author Publisher settings — Facebook Bug Bounty
- 10 Sep Cisco Webex Teams Mobile (Android) Information Disclosure Vulnerability
- 09 Aug Crash Instagram Bug (Android) using U+043E (Unpatched)
- 03 Aug Koo App Vulnerability : Stored XSS (Cloudflare bypass)
- 02 Aug Facebook Messenger for android indirect thread deletion vulnerability.
- 13 Apr Google Photos : Theft of Database & Arbitrary Files Android Vulnerability
- 10 Feb Sending ephemeral message – disposable message to any Facebook user
- 08 Jan Facebook: Linkshim protection bypass using fb://webview
- 10 Nov Facebook iOS address bar spoofing
- 21 Oct Facebook Page Admin Disclosure
- 21 Oct Perform substring search for emails even if Workplace admin hides email profile field.
- 07 Oct Bypass Samsung Knox protection to read files stored in a secure folder | Android
- 29 May Mitron App Account Takeover vulnerability
- 28 May Xiaomi Android : Harvest private/system files (Updated POC)
- 18 May FB & Messenger for iOS : Address Bar spoofing using data uri
- 15 May Facebook group document deletion bug using only_author_may_edit parameter
- 28 Apr Information disclosure through javascript bridge in Android
- 28 Apr Private giant chat app – Send message to victim while sender blocked
- 28 Apr DoS on Facebook Android using 65530 chars of ZERO WIDTH NO-BREAK SPACE.
- 28 Apr Twitter Android Javascript Interface Vulnerability
- 27 Apr Whatsapp IP address disclosure with Link Preview feature
- 27 Apr From NA to $3000 : Facebook’s URL spoofing vulnerability