Wednesday, May 5, 2021

Facebook Bug POC - Deleting Friends notifications


Two endpoints performing an Invite and a Removal to add and remove Contributers for Collections were missing rate limiting.

Every Invite would send a notification to that Friend.

Wednesday, April 28, 2021

Facebook Bug POC - Missing rate limit on Device Code verification

A GraphQL call was missing rate limit on verifying login codes for devices.

Facebook for Devices - Facebook for Devices helps you use your Facebook account to access apps and services on

Wednesday, April 21, 2021

Facebook Bug POC - Admin discloser by "Team members" feature

During content discovery, I was redirected to a page which pushed me to old Facebook UI.

Wednesday, April 14, 2021

Facebook Bug POC - Group Quality Insight

Group Quality Insights - Information of what/when/why Community standards are violated in a group (Includes False News).

Who can see this info - ONLY GROUP ADMINS (Mods excluded).

Wednesday, April 7, 2021

Facebook Bug POC - Fetching Demographic Audience data Insight for any Page

There was a GraphQl request which could be malformed to get the Demographic Audience data insight for any Facebook Page.

Demographic Audience data insight - Country (specific in this bug)likes insight.