https://vagmour.eu/facebook-open-red...ering-job-too/


Código:
Timeline:

12th of Nov 2015 | Initial bug report
12th of Nov 2015 | Reply from FB bot that it is false positive
12th of Nov 2015 | Added more clarification for the bug
16th of Nov 2015 | Reply from facebook that they use a blacklist method on their next_uri
16th of Nov 2015 | Sent POC videos of the bug that show the impact of the vulnerability
18th of Nov 2015 | Reply from facebook that i am redirecting to a non blacklisted site
18th of Nov 2015 | Explaining why url blacklisting is not the solution for the specific bug
26th of Nov 2015 | Reply from fb that security impact of this bug is not significant.
6th of Dec 2015 | Public post of the bug