Pouya Darabi
Pouya's posts

How I Bypassed Facebook CSRF in 2016 again!
I found a vulnerability in Facebook that allowed me to send a POST request with CSRF token to any Facebook endpoint or external host! It was very similar to this bug which I found in 2015. The 'fb_dtsg' anti-CSRF token is supposed to get validated at server-sid...

Facebook - How I bypassed Facebook CSRF Protection 2015
I discovered a critical vulnerability in Facebook that allowed an attacker to bypass Facebook CSRF protection! More information about CSRF at OWASP. The 'fb_dtsg' anti-CSRF token is supposed to get validated at server-side and if an action request haven't that toke...

Facebook - bypass ads account roles
I discovered a vulnerability in Facebook that allowed a normal user in an ad account to get unauthorized admin access in that ad account. Admins in an ad account can add any user to their ad account with these 3 types of role: admin, advertiser, analyst. Read more ...
