Tag：Facebook | DEVCORE

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

orange

2020-09-12

This post is about my research this March, which talks about how I found vulnerabilities on a leading Mobile Device Management product and bypassed several limitations to achieve unauthenticated RCE. All the vulnerabilities have been reported to the vendor and got fixed in June. After that, we kept monitoring large corporations to track the overall fixing progress and then found that Facebook didn't keep up with the patch for more than 2 weeks, so we dropped a shell on Facebook and reported to their Bug Bounty program!

Advisory: Accellion File Transfer Appliance Vulnerability

orange

2016-09-22

According to a public data reconnaissance, there are currently 1,217 FTA servers online around the world, most of which are located in the US, followed by Canada, Australia, UK, and Singapore. Determine from the domain name and SSL Certificate of these servers, FTA is widely used by governmental bodies, educational institutions, enterprises, including several well-known brands.

How I Hacked Facebook, and Found Someone's Backdoor Script

orange

2016-04-21

Bug Bounty Hunting from Pentest View, and How to Find Remote Code Execution and Someone's Backdoor on Facebook Server...

Red Team Assessment

Penetration Testing

Security Consulting

Security Training

Overview

Competitions and Awards

Enterprise Vulnerability Reports

International Conferences

CVE List

Company Overview

Team Members

Achievements

Corporate Social Responsibility

Job Opportunities

BLOG

Media Resources

Search

Contact

中文

English

BLOG

All #Facebook Articles

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

orange

Advisory: Accellion File Transfer Appliance Vulnerability

orange

How I Hacked Facebook, and Found Someone's Backdoor Script

orange