Hacking, AppSec, and Bug Bounty newsletter
2019-02-13 | OMG cable, IDOR described, 25K CSRF on Facebook
Wednesday, February 13
You like wifi in your malicious USB cables? Then you’ll love @_MG_’s Omg cable, coming soon to a Hak5 store near you :).
OTHER ARTICLES WE’RE READING
Scammers going analog to steal that coveted Insta handle.
Procedure reform guidance for FBI on their SMS text retention tooling. “The OIG found that FBI text messages were saved to a database on the devices, some of which were not captured by the collection application. The OIG identified this, and other concerns, as security vulnerabilities.”
Well-done video describing IDORs by PwnFunction
$25K CSRF on Facebook writeup by Samm0uda
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
This is possible because of a vulnerable endpoint which takes another given Facebook endpoint selected by the attacker along with the parameters and makes a POST request to that endpoint after adding the fb_dtsg parameter.