My Story with Onavo (a Facebook Acquisition)
When I was checking the Facebook WhiteHat page, I realized that they had added a new target to the scope, which is Onavo.
I downloaded their apps and started to intercept the links that I found.
One of the links raised an eyebrow. I said to myself that this looks vulnerable.
The link looks something like this:
So it looks like it is vulnerable to an open redirect.
I executed the link like this:
It redirected me to
Right now I have an Open Redirect vulnerability, but that’s not enough for me.
After digging more into the behaviour of the page, I realized that it redirects me only after about 2 seconds. So it looked something like this:
So I changed it to issue a redirection to
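The pattern described above, as an added example that is not code from the original post or from Onavo: a page that reads its destination from a query parameter and assigns it to the location after a delay. The post does not show the actual page, so the assumption here is that the delay is done in page JavaScript; the function names, the `url` parameter name and the `example.com` allowlist are constructed for illustration. The hardened version keeps only `http(s)` destinations on a known host, which is what stops both the open redirect and the `javascript:` scheme variant that turns it into XSS.

```javascript
// Added example (not from the original post). Runs under Node, no browser needed.

// Hosts this page is allowed to send the user to. Constructed for the example.
const ALLOWED_HOSTS = new Set(["example.com", "www.example.com"]);
const BASE_ORIGIN = "https://example.com/";

// Vulnerable pattern: whatever is in ?url= is used as the destination, unchecked.
// Assigning this to window.location later is an open redirect, and because the
// value is never restricted to http(s), a javascript: URL executes as script.
function vulnerableRedirectTarget(query) {
  return new URLSearchParams(query).get("url");
}

// Hardened: parse the destination, accept only http(s), and only hosts on the
// allowlist. Anything else falls back to a same-origin default.
function safeRedirectTarget(dest, fallback = "/") {
  if (typeof dest !== "string" || dest.length === 0) return fallback;
  let parsed;
  try {
    // Relative paths resolve against our own origin; absolute URLs keep theirs.
    parsed = new URL(dest, BASE_ORIGIN);
  } catch (e) {
    return fallback; // unparseable input is never a valid destination
  }
  // Rejects javascript:, data:, and any other non-web scheme.
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return fallback;
  // Rejects protocol-relative (//host), userinfo tricks (host@evil) and
  // lookalike subdomains (example.com.evil), since hostname is the real host.
  if (!ALLOWED_HOSTS.has(parsed.hostname)) return fallback;
  return parsed.href;
}

// Same entry point as the vulnerable version, but validated.
function safeRedirectTargetFromQuery(query) {
  return safeRedirectTarget(new URLSearchParams(query).get("url"));
}

// The delayed redirect itself. The location setter is injected so the logic can
// be exercised outside a browser; in a page you would pass
// (href) => { window.location.href = href; }.
function scheduleRedirect(target, assignLocation, delayMs = 2000) {
  return setTimeout(() => assignLocation(target), delayMs);
}

// Constructed sample inputs, printed for comparison.
const samples = [
  "?url=/account",
  "?url=https://www.example.com/settings",
  "?url=//evil.example/",
  "?url=javascript:void(0)",
];
for (const q of samples) {
  console.log(q, "->", vulnerableRedirectTarget(q), "| hardened ->", safeRedirectTargetFromQuery(q));
}
```

The important design choice is validating the parsed `hostname` rather than string-matching the raw value: prefix checks such as "starts with https://example.com" are exactly what the `host@evil` and `example.com.evil` forms get past. The same allowlist check is also a useful detection rule on the server side: log any request whose redirect parameter fails it, since legitimate traffic should never carry an off-host or non-http destination.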
- Mar 16, 2014 - Reported
- Mar 17, 2014 - Email from Saul of Facebook Security acknowledging the issue.
- Apr 30, 2014 - The issue seemed fixed to me. I emailed Facebook asking them about the current status.
- May 1, 2014 - Email from Saul of Facebook Security informing me that the issue has been patched.
- May 1, 2014 - Received a payment email from Facebook
- Facebook WhiteHat of 2014 https://www.facebook.com/whitehat/thanks.
- Cash reward of $500.
- Participating in bug bounties gives you experience in different locations, and it helps you build new ideas for security-related issues.
- If you have an open redirect vulnerability, you should test for XSS too.
- Never give up.