A $7,500 DOM XSS in the Facebook Mobile Site

I was recently looking for vulnerabilities on the Adobe website and noticed that it offers instant sign-in through Facebook and Gmail. When I clicked 'Sign in with Facebook', the Facebook app login page loaded. Looking at its URL, I saw a 'cancel_url' parameter, which holds the URL the page redirects to if the user chooses to cancel the login process: when 'Not Now' is clicked, the page redirects back to adobe.com (the source/origin). In the page source I saw that the redirect URL was stored in the 'href' attribute of a link:

<a href="https://adobe.com"/>

I wondered whether it was vulnerable to XSS, so I supplied the JavaScript pseudo-protocol 'javascript:prompt(1)' as the cancel_url and clicked 'Not Now'. To my surprise, the prompt appeared 🤤. Cool. Now, what could an XSS on a login page do? 🤔

The username and password can be stolen if the user chooses to exit by clicking 'Not Now' rather than logging in 😁, because the injected script runs in the context of the login page itself, where the credential fields live. Here is a test that simply pops up the Facebook username the user entered when 'Not Now' is clicked:


Facebook responded to the report quickly, fixed the issue within hours 😊, and paid a $7,500 bounty.



Security researcher
