Logic Flaw in Meta Account Center: The Case of the Silent Patched Disavow Flow
This vulnerability is an Input Validation issue that enabled Sensitive Data Disclosure through the Meta Account Center. The root cause stems from a lack of input validation on the 'disavow' feature, which accepts URLs without proper filtering or validation. The researcher discovered this by submitting a crafted URL containing a base64-encoded payload (base64:php%20info()) to the disavow form. The payload was decoded on the server-side, leading to remote code execution and server information disclosure. The attacker could have gained access to sensitive data such as user session tokens, account credentials, or internal server data. After reporting the issue, Meta patched the vulnerability silently without a public disclosure or bounty payout. Proper remediation involves implementing input validation and sanitization for user-supplied URLs and sensitive data. Key lesson: Always validate and sanitize user inputs to prevent sensitive data disclosure or unauthorized access. #BugBounty #Cybersecurity #InputValidation #DataDisclosure #WebSecurity

https://evangeliux.medium.com/logic-flaw-in-meta-account-center-the-case-of-the-silent-patched-disavow-flow-715a0662775f?source=rss------bug_bounty-5

Tesla just revealed a breach tied to a whistleblower leak.
🔐 Cybersecurity and corporate transparency are in the spotlight once again.

#DataDisclosure #dataprotection #freethedata #CISONightmare

https://www.securityweek.com/tesla-discloses-data-breach-related-to-whistleblower-leak/

Absolutely love what Dr. DeBenedictis is up to here!

Weekly updates on science progress, out to the world. Communication of data in a different way, for a different reason, than your typical academic article.

https://erikaaldendeb.substack.com/p/erika-update-1

#publishing #writing #OpenScience #DataDisclosure