The engineer, Baraa Habab, stated on his Facebook account that a critical vulnerability had been discovered on the website of an IT company that provides security services for large global banks in Egypt
The vulnerability consisted of Cross-site scripting (XSS), which allows the hacker to inject “malicious code” into the site until it accesses the database and asks the database to show the information stored in it in the form of an “error message
This vulnerability is used to steal cookies, or the unique address of a user’s browser session ID. The engineer, Baraa Habab, works as a support developer at Facebook, and was able to discover several vulnerabilities on the Facebook site previously. He discovered more than one vulnerability on the Facebook platform, and was able to access the page of the second founder of the Facebook company, and wrote, “There is no 100% protection, always.” There is a missing loophole, which later led him to work with the global Facebook company
#waterlootimes
