Tags: XSS

XSS on Facebook’s acquisition Oculus CDN Server

I suggest you first read the previous post here: How I bypassed Facebook CDN content’s signature protection. Oculus was acquired by Facebook, and the Oculus CDN server is also in the scope of the Facebook Bug Bounty Program. The same bug was present on “oculuscdn.com”. On “oculuscdn.com” the bug was very simple and straightforward. Just […]


XSS on Facebook-Instagram CDN Server bypassing signature protection

All Facebook and Instagram photos, videos and other content are stored on their CDN servers, such as “*.fbcdn.net” and “*.cdninstagram.com”, and are served via various sub-domains. All of the photos/videos on the CDN servers contain a signature in the URL (various parameters such as “oh” and “oe”), which causes an error to be thrown if we […]
