Facebook Introduces New Tool for Finding SSRF Vulnerabilities
According to the definition provided by OWASP, a SSRF attack enables an attacker to abuse a server’s functionality to read or update internal resources. “The attacker can supply or modify a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be…
Facebook Paid Out $50K for Vulnerabilities Allowing Access to Internal Systems
Cybersecurity engineer and bug bounty hunter Alaa Abdulridha revealed in December 2020 that he had earned $7,500 from Facebook for discovering a vulnerability in a service apparently used by the company’s legal department. The researcher said the security hole could have been exploited to reset the password of any account for a web application used…
Facebook Announces Payout Guidelines for Bug Bounty Program
The payout guidelines provide insight into the process used by the company to determine rewards for certain vulnerability categories. Specifically, it provides information on the maximum bounty for each category and describes the mitigating factors that can result in a lower reward. Payment guidelines are currently available for page admin vulnerabilities, for which the top…
