Vulnerabilities tagged 'interesting bug'

Three Facebook Bugs Leading to Account Takeover

tl;dr - The Oauth endpoint parses URL paramters redirect_uri and redirect_uri[0 (note the missing ]) as pointing to the same variable. Allowing the second to overwrite the first. The front-end however sees them as two distinct keys and so redirects the oauth token to the redirect_uri while the endpoint validates that the other value points to a whitelisted location

 

macOS Gatekeeper Bypass

Gatekeeper would misclassify certain types of applications allowing them to run without any restriction. Specifically you can cause a confusion in the policy engine regarding whether the app is bundled or not…

 
1
2