Fitbit – APIs and Access Control Failures, a simple API bug allowed to harvest millions of user private activities!

 In this write-up we will show you how Seekurity team was able to harvest all the user’s private/custom activities leaves more than 20 million private custom activities data in danger. First of all, this write-up is not a new one and the discovery itself is dated back to 2017 but we decided to disclose it […]

Facebook API 2.x Bypassed!

This is the write up of my last Facebook Report, How I was able to bypass the permissions approvals system in the 2.x Facebook API Versions in 2 different ways. FIRST Flow : +++Flow discussion:

Previous page Next page

Scroll Up