Showing posts with the label Bug Bounty

Taking over Facebook Page Tabs

In this post, I'm describing how I was able to take over 4 tabs on Facebook's own Pages.

1. Facebook India Ambassadors

I was browsing Facebook as usual and not in a mood to test anything. I then visited Facebook India's page to check whether there was any update from Facebook India, and that's when I noticed a page tab, Facebook India Ambassadors. I clicked on it to see Facebook India's Brand Ambassadors and the tab showed a Heroku error page. I was surprised to see that there. It looked interesting to me, so I decided to dig further. I found out that it loads a third-party website in an iframe in the main section. The URL was  and I visited the URL directly to verify that the subdomain doesn't exist. Heroku shows a "does not exist" error page if the subdomain doesn't exist. So I logged into my Heroku account, created a new project and gave immense-atoll-4159 as the project ID. Then I created a simple NodeJS script for

Send request to Martians. Earthlings are already your friends.

Hello everyone, I'm back with another write-up. This time it's a Google bug. YouTube is Google's video sharing site and a great place to explore. As a bug hunter, you can spend hours or days or even weeks on YouTube without hesitation. I always used YouTube to play some music when I worked as a developer last year. When I started bug hunting, I tried YouTube multiple times and couldn't find any. Then I started hunting on other Google services. After hunting for more than 2 hours, I found a bug on one of Google's acquisitions. According to Google, a video PoC is required only if it is contributing something that the text can't. But I'm a great fan of videos and my first bug to Google (duplicate) contained a 15-minute video 😎. I recorded a video of that bug I found and visited YouTube to upload it. When I clicked the upload button, I noticed something strange beside it, something new. It looked like a message button. But then, the upload page has loaded