Mobile 25
- Access Twitter blue features using deeplink without a subscription.
- Instagram vulnerability : Turn off all type of message requests using deeplink (Android)
- Facebook android vulnerability: Launching internal/tighten deeplink onbehalf of user
- Facebook android webview vulnerability : Execute arbitrary javascript (xss) and load arbitrary website
- [IDOR] add or remove the linked publications from Author Publisher settings — Facebook Bug Bounty
- Cisco Webex Teams Mobile (Android) Information Disclosure Vulnerability
- Crash Instagram Bug (Android) using U+043E (Unpatched)
- Koo App Vulnerability : Stored XSS (Cloudflare bypass)
- Facebook Messenger for android indirect thread deletion vulnerability.
- Google Photos : Theft of Database & Arbitrary Files Android Vulnerability
- Sending ephemeral message – disposable message to any Facebook user
- Facebook: Linkshim protection bypass using fb://webview
- Facebook iOS address bar spoofing
- Facebook Page Admin Disclosure
- Perform substring search for emails even if Workplace admin hides email profile field.
- Bypass Samsung Knox protection to read files stored in a secure folder | Android
- Mitron App Account Takeover vulnerability
- Xiaomi Android : Harvest private/system files (Updated POC)
- FB & Messenger for iOS : Address Bar spoofing using data uri
- Information disclosure through javascript bridge in Android
- Private giant chat app – Send message to victim while sender blocked
- DoS on Facebook Android using 65530 chars of ZERO WIDTH NO-BREAK SPACE.
- Twitter Android Javascript Interface Vulnerability
- Whatsapp IP address disclosure with Link Preview feature
- From NA to $3000 : Facebook’s URL spoofing vulnerability