Josip Franjković web security consultant

Bug bounties

Getting any Facebook user's friend list and partial payment card details

written on March 9th, 2018

Read more

Bug bounties

Taking over Facebook accounts using Free Basics partner portal

written on February 7th, 2018

Read more

Bug bounties

Hacking Facebook accounts using CSRF in Oculus-Facebook integration

written on January 15th, 2018

Read more

Bug bounties

Stealing Facebook access_tokens using CSRF in device login flow

written on July 19th, 2016

Read more

Bug bounties

Race conditions on the web

written on July 12th, 2016

Read more

Bug bounties

Facebook CSRF leading to full account takeover (fixed)

written on October 18th, 2013

Read more

Bug bounties

The easiest bug bounties I have ever won

written on July 13th, 2015

Read more on archived blog

Bug bounties

Race conditions on Facebook, DigitalOcean and others (fixed)

written on April 27th, 2015

Read more on archived blog

Bug bounties

Reading local files from Facebook's server (fixed)

written on December 6th, 2014

Read more on archived blog

Bug bounties

Step-by-step: exploiting SQL injection(s) in Oculus' website

written on September 5th, 2014

Read more on archived blog

Bug bounties

Secondary damage bugs on Facebook - one report leads to more bugs

written on November 21st, 2013

Read more on archived blog

Bug bounties

SQL injections on Nokia sites

written on July 30th, 2013

Read more on archived blog

Bug bounties

How I found my way into Instagram's Ganglia, and a bug with Facebook likes

written on July 23rd, 2013

Read more on archived blog

Bug bounties

Google.com cross site scripting and privilege escalation in Consumer Surveys

written on January 3rd, 2013

Read more on archived blog