Hi guys, it's Shubham Bhamare again. In this write-up, I'm going to tell you about one of my very simple Facebook bugs, which I found accidentally: I wasn't in the mood for testing at the time and was just browsing our business group on Facebook.

Due to this issue, a Facebook group admin was unable to delete group album photos as well as the entire album under certain circumstances.

So without wasting time, let's start! 👉

===

Setup and Scenario:

1) A Facebook group where only a page (ABC) is an admin.

2) An attacker (XYZ) is a Facebook user who's…


Hi guys, it's Shubham Bhamare again. In this write-up, I'm going to tell you about the 2nd valid bug that I found in Facebook. This issue could've accidentally revealed the identity of a Facebook page admin through the "Create doc" button. This is one of my most special findings because the bounty I received for this report was beyond my expectations. 😃

So without wasting time, let's start! 👉

===

Setup and Scenario:

1) A Facebook user Sarah is the admin of Sarah's Page.

2) Sarah's Page is linked to Sarah's Group.

3) Sarah hasn't made herself an admin of the…


Hi guys, I’m Shubham Bhamare from Maharashtra, India. As I promised in my previous write-up, here’s my first Facebook bug bounty write-up. Finally! 😂

I know it’s too late to publish this write-up as this bug was found and rewarded in 2018. I’m extremely sorry for that. Anyways, I’m going to publish all my other findings too in the coming days.

So without wasting time, let's start! 👉

===

Description:

This issue could've accidentally revealed the identity of a Facebook page admin under certain circumstances.

On Facebook, page admin roles are secret. Disclosing the identity of a page admin may cause a significant…


Hi guys, I’m Shubham Bhamare from Maharashtra, India. This is my first bug bounty write-up, about my first valid bug, which could have allowed a malicious user to take over any account on that target site.

So let's start! 👉

===

Target:

As I can’t disclose the name of the company, let’s call it “Target”. While using their website, I found that there should be something unintended.

But unfortunately, they weren’t running any bug bounty program. But due to the severity of this bug and the huge number of their users, I decided to contact them via email and ask them whether…

Shubham Bhamare

An ORDINARY guy with EXTRAORDINARY dreams!
