[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability

To: alfiej@xxxxxxxxxxx
Subject: Re: [FD] Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability
From: Julius Kivimäki <julius.kivimaki@xxxxxxxxx>
Date: Fri, 13 Feb 2015 08:41:19 +0200

Even though deleting everything is kind of a big deal, it still does not
get you anywhere near that CVSS score.
Here's my very generous calculator inputs:
http://puu.sh/fQVB5/76c526ed5d.png

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability
  - From: Vulnerability Lab
- Re: [FD] Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability
  - From: Scott Arciszewski
- Re: [FD] Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability
  - From: Alfie John

Prev by Date: Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
Next by Date: [FD] CVE-2015-1574 - Google Email App 4.2.2 remote denial of service
Previous by thread: Re: [FD] Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability
Next by thread: [FD] BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability
Index(es):
- Date
- Thread