
Disclose fbApps Contact Email - The easiest bug bounties I have ever won!

Facebook for Developers > Settings > Basic > Contact Email.

This field is meant to be secret, used for communication between the admin/dev and Facebook.
Only the Administrator and Developer roles of the app can access this field.

It was fine on a regular Graph API call to "contact_email": no data was returned. But when I changed the query to "graphql", I was able to disclose the contact email address of any Facebook application.
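The pattern described above, a field guarded on one API surface but not on another, as an added example (not from the original post and not Facebook's code). The app store, handler names and sample data are hypothetical; it shows the field check moved into one shared accessor, plus a parity check that flags any surface that disagrees.

```python
# Added illustration: hypothetical app store and handlers, not Facebook's code.
from dataclasses import dataclass

PRIVILEGED_ROLES = {"administrator", "developer"}
PROTECTED_FIELDS = {"contact_email"}

@dataclass
class App:
    app_id: str
    name: str
    contact_email: str
    roles: dict  # user_id -> role held on this app

# Constructed sample data.
APPS = {"1001": App("1001", "Demo App", "owner@example.test",
                    {"alice": "administrator"})}

def can_read(app, viewer, field):
    """Single field-level policy meant to be shared by every API surface."""
    if field not in PROTECTED_FIELDS:
        return True
    return app.roles.get(viewer) in PRIVILEGED_ROLES

# --- Flawed layout: the policy is applied in the REST handler only ---
def rest_get_flawed(viewer, app_id, fields):
    app = APPS[app_id]
    return {f: getattr(app, f) for f in fields if can_read(app, viewer, f)}

def graphql_get_flawed(viewer, app_id, fields):
    app = APPS[app_id]
    return {f: getattr(app, f) for f in fields}  # no policy check on this path

# --- Hardened layout: every surface goes through one guarded accessor ---
def read_fields(viewer, app_id, fields):
    app = APPS[app_id]
    return {f: getattr(app, f) for f in fields if can_read(app, viewer, f)}

def rest_get(viewer, app_id, fields):
    return read_fields(viewer, app_id, fields)

def graphql_get(viewer, app_id, fields):
    return read_fields(viewer, app_id, fields)

def parity_gaps(rest, graphql, viewers, fields):
    """Regression check: (viewer, app_id) pairs where the two surfaces disagree."""
    return [(v, a) for v in viewers for a in APPS
            if rest(v, a, fields) != graphql(v, a, fields)]
```

Running `parity_gaps` over every protected field and a set of unprivileged test viewers in CI catches a new query surface that skips the shared accessor.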

Timeline:
===
Nov 21, 2018 - Reported.
Nov 28, 2018 - Triaged.
Dec 8, 2018 - Fixed.
Feb 12, 2019 - Bounty Awarded.
