Vulnerability Report - Meta Bug Bounty Program Hello, Today, I'm sharing a vulnerability I discovered in Meta's bug bounty program. This vulnerability allows an attacker to disclose the author of anonymous posts or comments in Facebook Groups. Description of Vulnerability: In Facebook groups, you can write an anonymous post or comment, and therefore no one should know your identity except the group admins. If you make an anonymous post or comment, and then someone blocks you and writes a comment on your post or comment, and you reply to them anonymously, their mention in your reply will appear as plain text instead of the normal blue clickable link. Exploitation Scenario: The victim publishes an anonymous post or comment inside a Facebook group. The attacker suspects that a specific group member is the owner of this anonymous post or comment. The attacker blocks the suspected member and then writes a comment on...
I'm Moaz Adel, a bug bounty hunter. In this blog, I'll share write-ups about the security vulnerabilities I discover