Pouya Darabi
Works at Candoo
Attended Mazandaran University Of Science And Technology
138,168 views

Pouya Darabi

How I Bypassed Facebook CSRF in 2016 again!
I found a vulnerability in Facebook that allowed me to send a POST request with a CSRF token to any Facebook endpoint or external host! It was very similar to this bug, which I found in 2015. The 'fb_dtsg' anti-CSRF token is supposed to be validated server-side, and if an action request doesn't that ...

Pouya Darabi

Facebook - How I bypassed Facebook CSRF Protection 2015
I discovered a critical vulnerability in Facebook that allowed an attacker to bypass Facebook CSRF protection! More information about CSRF at OWASP. The 'fb_dtsg' anti-CSRF token is supposed to be validated server-side, and if an action request doesn't have that token, Facebook will drop the request ...
Meysam Jafari: gj dude

Pouya Darabi

Facebook - bypass ads account roles
I discovered a vulnerability in Facebook that allowed a normal user in an ad account to get unauthorized admin access in that ad account. Admins in an ad account can add any user to their ad account with these 3 types of role: admin; advertiser; analyst. Read more about these roles link ...

Work
Employment
  • Candoo
    Developer, 2013 - present
Basic Information
Gender
Male
Education
  • Mazandaran University Of Science And Technology
    IT, 2012