Jane Manchun Wong
Loves seeing how things work underneath.
~1 min
Turn ZEIT into a Spectrum proxy
Abuse ZEIT API server for proxying Spectrum using arbitary GraphQL query.
~4 mins
Shopping Turned Into Breaking In Store's Network
SSRF using arbitrary GraphQL query.
~3 mins
Pilot Into Facebook Group Support
Invite myself into the study group of an unreleased Facebook feature and annoy employees.
~1 min
Create Organic Pixel for Any Facebook Page
Leverage an unreleased feature to create pixels for any Page on Facebook.
~3 mins
Disclose Facebook Server Info With A Strange Poll
Trigger a server-side logic flaw which leads to leaking internal server information.
~1 min
De-anonymize User in Facebook Feed Preview
Retrieve Facebook user's real IP while they are previewing feed on Facebook.
~1 min
View Insights for Any Facebook Marketplace Product
Leak private sales information on Facebook Marketplace using GraphQL.
~2 mins
Dox Facebook Employees Behind “Did You Know”
Uncloak Facebook Employee's Identity using GraphQL.
~1 min
Reveal Communities for Anyone on Facebook
Peek any stranger on which communities they belong to on Facebook.
~1 min
Nearest distance to Vice President Biden
Vice President Biden took a visit to UMass Dartmouth campus.