4553 | Facebook Bug Bounty: Email Id, Phone Number Can be exposed Through Business Manager | Logic flaw, Information disclosure | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2018-10-03 | 2023-06-13 |
4487 | Object name Exposure — ING Bank Responsible Disclosure Program | Information disclosure | ING Bank | Rohit kumar (@rohitcoder) | Bug Bounty | 2018-11-08 | 2023-06-13 |
4298 | Facebook/Workplace Bug Exposed Offsite Employee Events, Sensitive emails Putting Employees at Risk | Information disclosure | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-02-16 | 2023-06-13 |
4295 | Stored XSS on Edmodo | Stored XSS | Edmodo | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-02-18 | 2023-06-13 |
4250 | User Account Takeover [Password Change]— Nice Catch! | Account takeover, Password reset | NA | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-03-14 | 2023-06-13 |
4093 | Business user Employees could have applied block list to all ad accounts listed in the business manager. | Authorization flaw, Logic flaw | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-06-17 | 2023-06-13 |
3971 | ByPassing fix of Domain Blocking feature in Business Manager | Authorization flaw, Logic flaw | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-08-15 | 2023-06-13 |
3882 | Whitehat test accounts can act as Hidden Admin with Business manager / Ad Accounts. | Authorization flaw | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-10-12 | 2023-06-13 |
3506 | Private Dashboards were accessible by other Admins in Analytics Dashboard | Authorization flaw | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2020-05-02 | 2023-06-13 |
3421 | [IDOR] Delete saved credit cards from any Business Manager Account — Facebook Bug Bounty | IDOR | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2020-06-05 | 2023-06-13 |
3182 | Page shops with a hidden Product in “Featured product section” which could be controlled by attacker (Ex Editor). | Logic flaw | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2020-08-31 | 2023-06-13 |
2534 | CSRF from which we can create a support ticket in Victim’s Account (500$) | CSRF | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2021-05-21 | 2023-06-13 |
2533 | Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device (500$) | Information disclosure | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2021-05-21 | 2023-06-13 |