Session Issue In Facebook 2016

Session Issue In Facebook

My name is Mubassir Kamdar. This is my blog, and I am here to explain how I found a session issue in Facebook.

So in 2016 I started bug hunting. After I had learned enough about web hacking and security from OWASP, I wanted to test my skills, and I selected facebook.com as my target to test for bugs, for some fun and profit too.....

I went to Facebook and tried some XSS issues, CSRF and many others, but I was unlucky in testing my bug hunting skills. After successfully wasting two or three hours I was feeling tired, but I didn't lose hope. Then I thought I should try something different, and suddenly session issues came to my mind. When I was playing with Facebook's login and logout buttons to find something interesting, I found nothing, and I was like

Now, Login Approval is turned on for my account, so no one can hack my account. I wanted to check Facebook again, so this time I logged into my account and saw a login approval page. First I tried to brute-force my login approval, and I failed. Then something caught my eye: I saw a logout button at the top right. I clicked on it and went to the main page of facebook.com, then I pressed the back button in the browser. After that I was shocked to see that I came back to the login approval page, and there it asked me to enter a code. I entered a code to test, and my account was logged in. I was like

Through this I got my first 2016 Facebook Hall of Fame, and this caused Facebook to pay me a $500 bounty.
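The sequence described above (logging out from the login approval page, going back, and still completing approval) is what happens when a logout does not revoke a half-authenticated session on the server. The following is an added example, not code from this post or from Facebook; the `SessionStore` class, its state names and the sample user and code are hypothetical, and it puts that flaw beside a logout that revokes every session state.

```python
import secrets


class SessionStore:
    """In-memory server-side sessions (hypothetical model, not Facebook's code)."""

    def __init__(self, revoke_pending_on_logout):
        self.revoke_pending_on_logout = revoke_pending_on_logout
        self.sessions = {}  # session id -> {"user": ..., "state": ...}

    def password_login(self, user):
        # Password accepted; the session stays half-authenticated until
        # the login approval code has been verified.
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "state": "pending_approval"}
        return sid

    def logout(self, sid):
        session = self.sessions.get(sid)
        if session is None:
            return
        if session["state"] == "authenticated" or self.revoke_pending_on_logout:
            del self.sessions[sid]
        # Flawed path: a pending_approval session is left alive, so the
        # approval page reached with the back button still works.

    def submit_approval_code(self, sid, code, expected_code):
        session = self.sessions.get(sid)
        if session is None or session["state"] != "pending_approval":
            return False  # session was revoked or never existed
        if not secrets.compare_digest(code, expected_code):
            return False
        session["state"] = "authenticated"
        return True


def logout_then_back_button(store):
    """Replay the sequence from the post; True means login still completed."""
    sid = store.password_login("alice")  # constructed sample user
    store.logout(sid)                    # logout clicked on the approval page
    # Back button: the old session id is presented again with a valid code.
    return store.submit_approval_code(sid, "123456", "123456")  # constructed code
```

A regression test for this class of bug asserts that any session identifier issued before logout is rejected afterwards, whatever authentication stage it had reached.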


If you like my article, share it with your friends and stay tuned for more interesting PoCs.
