Max PasquaMoving PlatformsI’ve decided that I’m going to be moving platforms for my write ups.Jun 11, 2019Jun 11, 2019
Max PasquaDoS Across Facebook EndpointsA while back I read a report by a friend of mine, Kassem, where he was able to completely block a user from using Facebook Messenger with…Mar 19, 2019Mar 19, 2019
Max PasquaUnremovable Users in Facebook CollectionsLooking through Facebook newsroom I saw an update was put out ( https://newsroom.fb.com/news/2018/12/facebook-collection-sharing/) that…Jan 28, 2019Jan 28, 2019
Max PasquaStealing Side-Channel Attack Tokens in Facebook Account SwitcherAfter receiving an email from facebook that somebody requested to join my group I decided to open the link in a different account to see…Jan 4, 20192Jan 4, 20192
Max PasquaChaining Two Vulnerabilities to Break Facebook Appointment Times For the Second TimeAlong with https://medium.com/bugbountywriteup/breaking-appointments-and-job-interview-schedules-with-malformed-times-edef103e46ba during…Dec 14, 2018Dec 14, 2018
Max PasquaUnremovable Tags In Facebook Page ReviewsFacebook pages have a feature to leave reviews on them. When making a review a malicious user could tag a victim and it would render the…Dec 14, 2018Dec 14, 2018
Max PasquaBreaking Appointments and Job Interview Schedules With Malformed TimesFacebook recently added an “Appointments” feature to pages. After a bit of searching through all the requests made I found that it was…Nov 13, 20181Nov 13, 20181
Max PasquaBreak Services tab on Facebook Pages with Integer OverflowThis vulnerability allows an attacker to break the services tab of a page rendering it completely unusable and unviewable. This attack…Feb 23, 20182Feb 23, 20182
Max PasquaXSS in Facebook CDN through AR Studio EffectsI was browsing Facebook newsroom when I saw that they put out a new addition, AR Studio Effects (https://www.facebook.com/fbcameraeffects…Feb 23, 2018Feb 23, 2018
Max PasquaXSS in Oculus Rifts CDNAfter looking through Oculus Rifts site I came across the developer section for making apps. I quickly made a test app and poked around for…Feb 23, 2018Feb 23, 2018