Facebook has doubled the bounty for security researchers who find bugs in Facebook's advertising code.
"We recently completed a comprehensive security audit of this area ourselves. We found and fixed a number of security bugs but would like to encourage additional scrutiny from Whitehats to see what we might have missed," said Collin Greene (Security Engineer at Facebook).
Some of the bugs the company has fixed:
- Redeeming the same ads coupon multiple times with expiry.
- Retrieving the name of an unpublished Page via the Ads create flow by guessing its Page ID.
- Arbitrary local file read via a .zip symlink.
- Injecting JavaScript into an ads report email and then leveraging a Cross-Site Request Forgery (CSRF) bug to make the victim send a malicious email to a target on your behalf.