![]() ![]() I had to keep the request live in the proxy tab in Burpsuite to reproduce the bug successfully, sending it to repeater was giving me an error ( till now don’t know why).I was able reproduce the bug from any chat (Facebook main chat, messenger, workplace and portal chat) it doesn't matter since its the same.It works in all Facebook chat infrastructure ( Facebook main chat, messenger, portal chat and workplace chat).I can disclose any attachment for other users that been sent through the chat, those attachments includes ( images, files, videos and audio messages). ![]() POST /messaging/send/ HTTP/1.1 Host: client=mercury&action_type=ma-type:user-generated-message&body=&ephemeral_ttl_mode=0&has_attachment=true& image_ids=123&message_id=111&offline_threading_id=123Īs you can see in the above request there is an interesting parameter called image_ids which refers to the image that I uploaded in portal Facebook chat, I said what if I changed this ID to other user image ID, can I disclose his image!!!? what about other attachments (files, videos and audio messages) !! after testing a lot in portal chat I noticed below things: Then I noticed that you can upload attachments like, images, videos and files, once I saw that I said I need to test this upload feature, so I uploaded normal image and intercepted the request with Burpsuite to see what kind of parameters in the post request and I saw this: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |