- Bypass Facebook Captcha on post spamm
- Simple bypass, just don't send the fields of the post that require the captcha and it goes through the endpoint where no captcha is needed.
- AKA, client side enforcement
- Facebook rejected the bug submission because they don't accept them for spam.
- Reported some time between 2010 and 2013
- Enumerate another users facebook friends (Cross Site Search Request) simillar to CSRF except data extraction instead of alteration
- Facebook Friend Enumeration
- Facebook rejected the bug submission so it is apparently something they are fine with me sharing
- Reported in 2016 or 2017