Facebook Bug Bounty 2013 – Open Redirect Vulnerability
An open redirect and filter bypass vulnerability was detected in the official original Facebook and Facebook core application. The vulnerability allows an attacker to bypass the basic validation of the application module and redirect users, without authorization, to an external source.
Normally, the redirect exception only allows redirects to allowed or internal applications. The attacker exchanges the application URL id for that of a valid request and can then inject a URL that points to an external target, but must append bind.php#_=_ to the end of the domain for the redirect to the external source to succeed. The resulting URL does not expire, because the client id can be exchanged randomly with others; once the URL is requested, the victim is redirected to another web page.
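The following is an added example, not part of the original advisory and not Facebook's code. It contrasts a hypothetical check that trusts any known client id plus the trailing bind.php#_=_ marker with a check that ties the parsed host of the target to the hosts registered for that client id. All host names, client ids and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed registry (assumption): client id -> hosts that app may redirect to.
REGISTERED_HOSTS = {"1001": {"apps.example.com"}, "1002": {"games.example.com"}}
INTERNAL_HOSTS = {"www.example.com"}  # the site's own hosts, also constructed


def weak_is_allowed(client_id: str, target: str) -> bool:
    """Hypothetical flawed check: any known client id plus a trailing marker."""
    return client_id in REGISTERED_HOSTS and target.endswith("bind.php#_=_")


def strict_is_allowed(client_id: str, target: str) -> bool:
    """Accept only https targets whose parsed host belongs to this client id."""
    # Backslashes, spaces and control characters are parsed differently by
    # browsers and by server-side libraries, so refuse them outright.
    if "\\" in target or any(ord(ch) < 0x21 for ch in target):
        return False
    try:
        parts = urlsplit(target)
        host, port = parts.hostname, parts.port
    except ValueError:  # malformed port or IPv6 literal
        return False
    if parts.scheme != "https" or host is None:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # userinfo would hide the real host after the "@"
    if port not in (None, 443):
        return False
    allowed = REGISTERED_HOSTS.get(client_id, set()) | INTERNAL_HOSTS
    return host.rstrip(".") in allowed  # exact match; path and fragment ignored


# Constructed sample requests: (client id, redirect target).
SAMPLES = [
    ("1001", "https://apps.example.com/bind.php#_=_"),
    ("1001", "https://external.test/bind.php#_=_"),
    ("1001", "https://games.example.com/bind.php#_=_"),
    ("1001", "https://apps.example.com@external.test/bind.php#_=_"),
    ("9999", "https://apps.example.com/bind.php#_=_"),
]


def compare():
    """Return (target, weak verdict, strict verdict) for each sample."""
    return [(t, weak_is_allowed(c, t), strict_is_allowed(c, t)) for c, t in SAMPLES]


if __name__ == "__main__":
    for target, weak, strict in compare():
        print(f"weak={weak!s:5} strict={strict!s:5} {target}")
```

The third sample shows why the client id must be bound to the target: a host registered for a different client id is still refused by the strict check.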