This is How I Turned an Informative Bug into a Valid $500 Bug

In this write-up, I have shared the story of a simple Facebook bug where the Activity Log and Hacked Flow features weren’t working as intended.

Shubham Bhamare
5 min read · 1 day ago

Hi everyone, it’s Shubham Bhamare again with a new bug bounty write-up. Today, I’m going to share the story of how I turned an “Informative” bug into a valid $500 bug. This was one of the most interesting findings of my life and a very simple one as well. The target platform was, of course, Facebook. 😅

The best part? This bug was found just by observation, like many of my previous findings.

So, without further ado, let’s get started! 👉

Description:

Let me give you a brief description of this bug. Facebook has two security features: Activity Log and Hacked Flow.

  • The Activity Log allows users to view their recent comments, likes, and other activities on Facebook.
  • The Hacked Flow is designed to help users undo suspicious activities if they believe their account has been compromised.
