franjkovic
- Karma
- 1,114
- Created
- October 20, 2013 (12y ago)
- Submissions
- 0
[ my public key: https://keybase.io/josipfranjkovic; my proof: https://keybase.io/josipfranjkovic/sigs/4EYnl7a6Vko4DGKQFypdzXwAxT-YnFN8DEc5X34RttQ ]
My security blog: https://www.josipfranjkovic.com
- Getting any Facebook user's friend list and partial payment card details (josipfranjkovic.com)
- Taking over Facebook accounts using Free Basics partner portal (josipfranjkovic.com)
- Hacking Facebook accounts using CSRF in Oculus-Facebook integration (josipfranjkovic.com)
- Stealing Facebook access_tokens using CSRF in device login flow (josipfranjkovic.com)
- The easiest bug bounties I have won (josipfranjkovic.blogspot.com)
- Race conditions on Facebook, DigitalOcean and others (fixed) (josipfranjkovic.blogspot.com)
- Reading local files from Facebook's server (fixed) (josipfranjkovic.blogspot.com)
- Step-by-step: exploiting SQL injection(s) in Oculus' website (josipfranjkovic.blogspot.com)
- Facebook bug bounty: secondary damage bugs and fairness (josipfranjkovic.blogspot.com)