Overview
Learn about a successful bug bounty hunt at Meta through this 28-minute conference talk delivered in Spanish at Ekoparty Security Conference 2024. Follow along as Adrian Pedrazzoli shares his journey of discovering and reporting his first vulnerability to Meta - an unrestricted file upload that escalated to Remote Code Execution (RCE). Discover the initial motivation, search methodology, exploitation process, and experience interacting with Meta's bug triage team. Gain valuable insights particularly relevant for beginners entering bug bounty hunting who are interested in exploring Meta's platform.
Syllabus
From survey.js to RCE in Meta - Adrian Pedrazzoli - Ekoparty 2024
Taught by
Ekoparty Security Conference