Youssef Sammouda 14

DOM-XSS in Instant Games due to improper verification of supplied URLs Jan 29, 2023
Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing Jan 29, 2023
Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing Jan 29, 2023
Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation Jan 29, 2023
Multiple bugs chained to takeover Facebook Accounts which uses Gmail. May 14, 2022
More secure Facebook Canvas Part 2: More Account Takeovers Mar 4, 2022
Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts Sep 29, 2021
Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts Sep 29, 2021
More secure Facebook Canvas : Tale of $126k worth of bugs that lead to Facebook Account Takeovers Sep 3, 2021
Oversightboard.com site-wide CSRF due to missing checking Jun 27, 2021
Disclose unconfirmed email/phone of a Facebook user Jun 27, 2021
Disclose unconfirmed email/phone of a Facebook user Jun 27, 2021
Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps May 20, 2021
Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps May 20, 2021

Trending Tags

newsletter bypass xss cve web rce security exploit takeover app