5286 | Google.com cross site scripting and privilege escalation in Consumer Surveys | Stored XSS, Authorization flaw | Google | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2013-01-03 | 2023-06-13 |
5275 | How I found my way into Instagram's Ganglia, and a bug with Facebook likes. | Reflected XSS, IDOR | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2013-07-23 | 2023-06-13 |
5274 | SQL injections in Nokia sites. | SQL injection | Nokia | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2013-07-30 | 2023-06-13 |
5269 | Facebook CSRF leading to full account takeover (fixed) | CSRF, Account takeover | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2013-10-18 | 2023-06-13 |
5267 | Facebook bug bounty: secondary damage (one report that leads to more bugs), fairness, and why I really like reporting to Facebook | CSRF | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2013-10-21 | 2023-06-13 |
5241 | Step-by-step: exploiting SQL injection(s) in Oculus' website. | SQL injection | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2014-09-05 | 2023-06-13 |
5233 | Reading local files from Facebook's server (fixed) | LFI, Unrestricted file upload | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2014-12-06 | 2023-06-13 |
5219 | Race conditions on Facebook, DigitalOcean and others (fixed) | Race condition | Meta / Facebook, DigitalOcean, LastPass | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2015-04-27 | 2023-06-13 |
5216 | The easiest bug bounties I have ever won | IDOR | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2015-07-13 | 2023-06-13 |
5161 | Race conditions on the web | Race condition | Cobalt.io, Meta / Facebook, MEGA, Keybase | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2016-07-12 | 2023-06-13 |
5159 | Stealing Facebook access_tokens using CSRF in device login flow | CSRF, OAuth, Information disclosure | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2016-07-19 | 2023-06-13 |
4895 | Hacking Facebook accounts using CSRF in Oculus-Facebook integration | CSRF | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2018-01-15 | 2023-06-13 |
4865 | Taking over Facebook accounts using Free Basics partner portal | Information disclosure, IDOR | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2018-02-07 | 2023-06-13 |
4838 | Getting any Facebook user's friend list and partial payment card details | Information disclosure, IDOR | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2018-03-09 | 2023-06-13 |