Unofficial: Ash King

Unofficial: Ash King πŸ”’ Security Researcher πŸ“ Gosport, UK
πŸ† Hacking for Fun and Profit

I found an interesting vulnerability in Facebook that affected the ad component "Instant Experiences".Reported: April 28...
18/07/2025

I found an interesting vulnerability in Facebook that affected the ad component "Instant Experiences".

Reported: April 28 2025
Fixed: July 17 2025

Ash King - Software Developer & Security Researcher

My post was removed for some time due to an incomplete fix. 10 months later, I'm now allowed to share again!Learn how a ...
15/12/2022

My post was removed for some time due to an incomplete fix. 10 months later, I'm now allowed to share again!

Learn how a page could trick their visitors into launching internal deeplinks via the app

https://www.ash-king.co.uk/blog/abusing-Facebooks-call-to-action-to-launch-internal-deeplinks

A page is able to add a `Call to action` (CTA) button against their page. This tool is designed for user engagement allowing a page admin to redirect visitors to their website, app, inbox, WhatsApp etc. It is possible for a page admin to abuse this feature and launch Facebook's internal deeplinks. i...

29/09/2022

was such a great experience. I found an awesome "page admin disclosure" that got me ranked 5th out of 100 hackers but I also got some reports rejected. Here's a list of rejected issues πŸ‘‡

1) MBS – Download media from Sound collection without agreeing to the terms of use - not a vulnerability πŸ™ƒ

2) Disclose a list of created events for any user (friendship not required) - public events are only exposed so below the bar..

3) Disclose albums of any user - only the name of the album and the amount of photos were disclosed, again, below the bar

Overall, the event was fantastic! Met some great hackers and the hospitality throughout was on point πŸ‘ŒLearnt some new techniques from various talks by the Meta & Google employees as well as some talks from a few of the top hackers on fb.

Would 100% recommend to anyone in this industry. The whole experience is just invaluable!

25/09/2022

is officially over!

Massive shout out to the team at Meta Bug Bounty for putting this altogether, they really do know how to look after their hackers :)

Top hospitality and great venues, I look forward to ;)

Soooo this happened!
25/09/2022

Soooo this happened!

24/09/2022
Singapore is awesome! The heat is defintely something but the views are amazing. Didn't explore far tonight but ill be s...
23/09/2022

Singapore is awesome! The heat is defintely something but the views are amazing. Didn't explore far tonight but ill be sure to have a proper look around between events.

1st stop, Dubai πŸ›©
22/09/2022

1st stop, Dubai πŸ›©

22/09/2022

On route to for !

Acknowledged by Xero, this time round I got an acknowledgement letter
17/08/2022

Acknowledged by Xero, this time round I got an acknowledgement letter

πŸ₯³ πŸ‡ΈπŸ‡¬
16/07/2022

πŸ₯³ πŸ‡ΈπŸ‡¬

Address

Gosport

Alerts

Be the first to know and let us send you an email when Unofficial: Ash King posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Unofficial: Ash King:

Share