Write-ups
Check The Published Writeups
| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4265 | Facebook Messenger server random memory exposure through corrupted GIF image | Information disclosure | Meta / Facebook | Dzmitry Lukyanenka (@vulnano) | Bug Bounty | 2019-03-06 | 2023-06-13 |
| 3320 | Global grant uri in Android 8.0-9.0 (2018 year) | Authorization flaw | Dzmitry Lukyanenka (@vulnano) | Bug Bounty | 2020-07-09 | 2023-06-13 | |
| 2198 | Facebook Messenger for MacOS contained valid hardcoded FB access token (employee%27s token?) | Hardcoded credentials | Meta / Facebook | Dzmitry Lukyanenka (@vulnano) | Bug Bounty | 2021-09-23 | 2023-06-13 |
| 1337 | React debug.keystore key was trusted by Meta(Facebook) which caused to Instagram account takeover by malicious apps. | Account takeover Android | Meta / Facebook | Dzmitry Lukyanenka (@vulnano) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 608 | Meta Quest: Attacker could make any Oculus user to follow (subscribe) him without any approval | IDOR Authorization flaw | Meta / Facebook | Dzmitry Lukyanenka (@vulnano) | Bug Bounty | 2023-01-09 | 2023-06-13 |