ATLAS SECURITY LAB
Lab Vulnerabilities
Stored XSS in Posts
Post body renders innerHTML - try <script>alert(document.cookie)</script>
CSRF on Share/Like
POST /api/share?post_id=X - no CSRF token required
IDOR on Profiles
GET /api/users/[ID] - change ID to enumerate users
GraphQL Introspection
POST /graphql - __schema exposed, no auth required
facebook
LAB ACCOUNTS
atlas.security / fb123
victim.fb1 / password1
fb.admin / admin2024
Token in localStorage - session exposed
Meta © 2026