Tag Archive: Oculus

XSS on Facebook’s acquisition Oculus CDN

This issue is very similar to my previous report. I thought, I would check same issue exist on any other acquisition by “Facebook”. Luckily same issue was present on “oculuscdn.com”. Even without Interchanging any sub domains. Proof of concept There is an endpoint allowed developers to upload application assets in their Oculus account.. All assets […]

Read More →