Tag: IDOR

  • Add comment on a private Oculus Developer support

    Introduction: Oculus Developer support is the dedicated hub for developers and creators seeking to explore the limitless possibilities of virtual reality (VR) on the Oculus platform. For more details, see https://developer.oculus.com/support/ The finding: Having previously tested Oculus a few months ago without uncovering any bugs, I revisited the platform on September 17th for a fresh…

  • Sign up for Brand Collabs Manager on behalf of other page admins – Privilege Escalation

    Introduction: Brand Collabs Manager serves as a dynamic marketplace facilitating seamless connections between brands and creators, empowering them to discover, understand, and engage with each other’s potential. Located within Facebook page settings, the application process is typically exclusive to page administrators. Through this platform, administrators can apply and sign up as either a “creator” or…

  • Break saved option for other users in Facebook – From N/A to valid bug

    Introduction: In 2018, I discovered a vulnerability within the ‘Saved’ option on Facebook, allowing me to break my saved items. Since the impact was limited to my own account, I refrained from reporting it to the Facebook Security Team, considering it non-applicable (N/A) similar to finding a ‘Self XSS.’ In 2019, I revisited the issue…

  • Persistent Distorted Posts Issue and Unremovable Content in Facebook Group

    Introduction: Facebook recently added a new group type option called “Social Learning”. Groups classified in this way gain access to the new “Units feature”, which allows you to leverage the group as a platform for online course content or to simply organize your posts by topic. For more details, see https://www.facebook.com/help/184985882229224 The finding: During the…

  • Disclose private mockups for other users in Facebook Creative Hub

    Introduction: Facebook offers a powerful feature known as “Creative Hub,” designed to serve as a collaborative platform for businesses. This tool facilitates the creation of ad mockups and provides a space for learning and drawing inspiration from creative possibilities without requiring any specific design skills or prior experience with Facebook advertising. For in-depth information, visit…

  • Bypass Admin approval, Mute Member and Posting Permissions for Only admins in Facebook groups

    Introduction: While reviewing my old notes on my computer, I came across the following entry: So, what exactly is the Watch Party Option? The Watch Party Option is an innovative feature within Facebook groups that empowers not only Group admins but also regular members to select any public video on Facebook and present it simultaneously…

  • Disclose latest stream video asset earnings for any gaming streamer page

    Introduction: Within the Facebook gaming dashboard, streamers have access to a valuable feature known as the “Viewing Stream Report.” This option provides essential information about their stream, including details such as the title, description, and tagged game. Streamers can leverage this tool to gain insights into the performance and key attributes of their streams. For…

  • Send messages through notification to Facebook & Workplace users without getting blocked

    Introduction: In Facebook Workplace, there is an option called “Safety Check” where admins of Workplace can add their users as “Safety operator”, which lets you report your status during a crisis. For more details about “Safety Check”, see this link: https://web.facebook.com/workplace/features/safety-check?_rdc=1&_rdr The finding: The functionality responsible for processing the “add users” request is susceptible to…

  • How I was able to delete any image in Facebook community question forum

    Introduction: Facebook Community Question Forum is a dedicated space where users could seek assistance and connect with others by asking questions across various categories. Whether you were looking for advice, troubleshooting, or general information, this platform allowed you to engage with a supportive community. Users and the Facebook support team contributed answers to help address queries…

  • Unauthorized Disclosure of Video Thumbnails in Facebook Workplace

    Introduction: Facebook introduces ‘CANVAS,’ an innovative feature offering businesses the opportunity to create immersive and expressive experiences. Designed to facilitate storytelling and product showcasing, CANVAS provides a dynamic platform for businesses to engage their audience. For more in-depth information, visit https://www.facebook.com/business/news/introducing-canvas. The finding: When creating a ‘CANVAS’ on Facebook, various options or components are available,…