Category: META

  • Add comment on a private Oculus Developer support

    Add comment on a private Oculus Developer support

    Introduction Oculus Developer support is the dedicated hub for developers and creators seeking to explore the limitless possibilities of virtual reality (VR) on the Oculus platform for more details see https://developer.oculus.com/support/ The finding Having previously tested Oculus a few months ago without uncovering any bugs, I revisited the platform on September 17th for a fresh…

  • Sign up for Brand Collabs Manager on behalf of other page admins – Privilege Escalation

    Sign up for Brand Collabs Manager on behalf of other page admins – Privilege Escalation

    Introduction Brand Collabs Manager serves as a dynamic marketplace facilitating seamless connections between brands and creators, empowering them to discover, understand, and engage with each other’s potential. Located within Facebook page settings, the application process is typically exclusive to page administrators. Through this platform, administrators can apply and sign up as either a “creator” or…

  • Break saved option for other users in facebook – From N/A to valid bug

    Break saved option for other users in facebook – From N/A to valid bug

    Introduction In 2018, I discovered a vulnerability within the ‘Saved’ option on Facebook, allowing me to break my saved items. Since the impact was limited to my own account, I refrained from reporting it to the Facebook Security Team, considering it non-applicable (N/A) similar to finding a ‘Self XSS.’ In 2019, I revisited the issue…

  • Persistent Distorted Posts Issue and Unremovable Content in Facebook Group

    Persistent Distorted Posts Issue and Unremovable Content in Facebook Group

    Introduction Facebook recently added a new group type option called “Social Learning”. Groups classified in this way gain access to the new “Units feature”, which allows you to leverage the group as a platform for online course content or to simply organize your posts by topic. for more details see https://www.facebook.com/help/184985882229224 The finding During the…

  • Disclose private mockups for other users in facebook Creative Hub

    Disclose private mockups for other users in facebook Creative Hub

    Introduction Facebook offers a powerful feature known as “Creative Hub,” designed to serve as a collaborative platform for businesses. This tool facilitates the creation of ad mockups and provides a space for learning and drawing inspiration from creative possibilities without requiring any specific design skills or prior experience with Facebook advertising. For in-depth information, visit…

  • How I found a simple bug in Facebook events without any Test

    How I found a simple bug in Facebook events without any Test

    Introduction A Facebook event is a feature that allows Facebook users or page operators to create a calendar-based invitation to an event. A Facebook event can be sent to a select group of people and will include information about the event, the time and date of the event and even images related to the event.…

  • Bypass Admin approval, Mute Member and Posting Permissions for Only admins in Facebook groups

    Bypass Admin approval, Mute Member and Posting Permissions for Only admins in Facebook groups

    Introduction While reviewing my old notes on my computer, I came across the following entry: So, what exactly is the Watch Party Option? The Watch Party Option is an innovative feature within Facebook groups that empowers not only Group admins but also regular members to select any public video on Facebook and present it simultaneously…

  • Disclose Instagram Personal Private Archived posts when switching to Professional account through creative hub

    Disclose Instagram Personal Private Archived posts when switching to Professional account through creative hub

    Introduction Instagram features an “Archive” option, allowing users to conveniently archive their posts. According to Instagram, the content stored in the archive is intended for the user’s private viewing, ensuring that only the account holder has access to this archived material. This functionality provides users with a practical and secure way to manage and revisit…

  • Disclose latest stream video asset earnings for any gaming streamer page

    Disclose latest stream video asset earnings for any gaming streamer page

    Introduction Within the Facebook gaming dashboard, streamers have access to a valuable feature known as the “Viewing Stream Report.” This option provides essential information about their stream, including details such as the title, description, and tagged game. Streamers can leverage this tool to gain insights into the performance and key attributes of their streams. For…

  • Send messages through notification to facebook & workplace users without getting blocked

    Send messages through notification to facebook & workplace users without getting blocked

    Introduction In Facebook workplace, there is an option called “Safety Check” where admins of workplace can add their users as “Safety operator” which lets you report your status during a crisis, for more details about “Safety Check” see this link https://web.facebook.com/workplace/features/safety-check?_rdc=1&_rdr The finding The functionality responsible for processing the “add users” request is susceptible to…