[ #bugbountytips ]
An ATO case which only works if your target doesn't verify your email immediately:

1. Sign up using the victim's (FB) email address and username.
2. Then use FB OAuth with the same details to sign up.
3. You might get logged in to the same account.

Sev - P2/P3
Explanation - After signing up with the victim's FB email and username, set a random password for that account.
Then use FB OAuth with the same email and username; the password must be the FB password. The user already exists with these details, so you may get logged in as the victim.
We don't need the victim's FB account, just their FB email and username. Use both to create an account and set a password. If the victim later uses FB OAuth with these details, the victim may get logged in to the account we created, so we share an account.
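The root cause is the server linking an OAuth login to a pre-existing local account purely by email match, even when that email was never verified. The following is an added example, not code from the thread or from any real target: a constructed in-memory model showing the vulnerable linking logic (`strict=False`) beside the fix that refuses to auto-link an unverified account (`strict=True`). All names, emails and the `AccountStore` class are assumptions made for illustration.

```python
# Added example (not from the original thread): models the account-linking
# flaw described above and its fix. All names and data are constructed.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class User:
    user_id: int
    email: str
    username: str
    email_verified: bool          # only set once the mailbox is confirmed
    linked_idps: set = field(default_factory=set)

class AccountStore:
    def __init__(self):
        self._by_email: dict[str, User] = {}

    def signup_with_password(self, email: str, username: str, password: str) -> User:
        # Step 1 of the thread: anyone can register an unverified account on
        # someone else's email address. Password hashing is omitted here.
        key = email.lower()
        if key in self._by_email:
            raise ValueError("email already registered")
        user = User(len(self._by_email) + 1, key, username, email_verified=False)
        self._by_email[key] = user
        return user

    def oauth_callback(self, idp: str, idp_email: str, strict: bool) -> Optional[User]:
        """Handle a successful identity-provider login that asserted idp_email.

        strict=False reproduces the vulnerable behaviour: any existing account
        with a matching email is linked and logged in, verified or not.
        strict=True only auto-links when the local email was verified or the
        IdP was linked before; otherwise it refuses, so the app must send the
        user through email verification or a password check first.
        """
        existing = self._by_email.get(idp_email.lower())
        if existing is None:
            return None  # a real app would create a fresh account here
        if strict and not existing.email_verified and idp not in existing.linked_idps:
            return None  # refuse silent takeover-by-linking
        existing.linked_idps.add(idp)
        return existing

def demo(strict: bool) -> bool:
    """True if the attacker-created account is handed to the victim's OAuth login."""
    store = AccountStore()
    attacker_made = store.signup_with_password("victim@example.com", "victim", "attacker-chosen-pw")
    victim_session = store.oauth_callback("facebook", "victim@example.com", strict=strict)
    return victim_session is attacker_made
```

`demo(False)` returns True (victim lands in the attacker's account, the shared-account case in the thread); `demo(True)` returns False because the unverified account is never auto-linked.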
You can follow @KabirSuda.