home.social

#datadisclosure — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #datadisclosure, aggregated by home.social.

  1. Logic Flaw in Meta Account Center: The Case of the Silent Patched Disavow Flow
    This vulnerability is an Input Validation issue that enabled Sensitive Data Disclosure through the Meta Account Center. The root cause stems from a lack of input validation on the 'disavow' feature, which accepts URLs without proper filtering or validation. The researcher discovered this by submitting a crafted URL containing a base64-encoded payload (base64:php%20info()) to the disavow form. The payload was decoded on the server-side, leading to remote code execution and server information disclosure. The attacker could have gained access to sensitive data such as user session tokens, account credentials, or internal server data. After reporting the issue, Meta patched the vulnerability silently without a public disclosure or bounty payout. Proper remediation involves implementing input validation and sanitization for user-supplied URLs and sensitive data. Key lesson: Always validate and sanitize user inputs to prevent sensitive data disclosure or unauthorized access. #BugBounty #Cybersecurity #InputValidation #DataDisclosure #WebSecurity

    evangeliux.medium.com/logic-fl

  2. Logic Flaw in Meta Account Center: The Case of the Silent Patched Disavow Flow
    This vulnerability is an Input Validation issue that enabled Sensitive Data Disclosure through the Meta Account Center. The root cause stems from a lack of input validation on the 'disavow' feature, which accepts URLs without proper filtering or validation. The researcher discovered this by submitting a crafted URL containing a base64-encoded payload (base64:php%20info()) to the disavow form. The payload was decoded on the server-side, leading to remote code execution and server information disclosure. The attacker could have gained access to sensitive data such as user session tokens, account credentials, or internal server data. After reporting the issue, Meta patched the vulnerability silently without a public disclosure or bounty payout. Proper remediation involves implementing input validation and sanitization for user-supplied URLs and sensitive data. Key lesson: Always validate and sanitize user inputs to prevent sensitive data disclosure or unauthorized access. #BugBounty #Cybersecurity #InputValidation #DataDisclosure #WebSecurity

    evangeliux.medium.com/logic-fl

  3. Absolutely love what Dr. DeBenedictis is up to here!

    Weekly updates on science progress, out to the world. Communication of data in a different way, for a different reason, than your typical academic article.

    erikaaldendeb.substack.com/p/e

    #publishing #writing #OpenScience #DataDisclosure

  4. Absolutely love what Dr. DeBenedictis is up to here!

    Weekly updates on science progress, out to the world. Communication of data in a different way, for a different reason, than your typical academic article.

    erikaaldendeb.substack.com/p/e

    #publishing #writing #OpenScience #DataDisclosure

  5. Absolutely love what Dr. DeBenedictis is up to here!

    Weekly updates on science progress, out to the world. Communication of data in a different way, for a different reason, than your typical academic article.

    erikaaldendeb.substack.com/p/e

    #publishing #writing #OpenScience #DataDisclosure

  6. Absolutely love what Dr. DeBenedictis is up to here!

    Weekly updates on science progress, out to the world. Communication of data in a different way, for a different reason, than your typical academic article.

    erikaaldendeb.substack.com/p/e

    #publishing #writing #OpenScience #DataDisclosure