PoC: Hacking Facebook with HTML5 By @skeptic_fx

Facebook Graph API Access Token Stealing : Long live UI-Redressing A week after my first Facebook bounty  , i found another place where Facebook did the same mistake of not busting IFrames.And guess what , its another whole domain developers.facebook.com.It includes all the documentation and examples for using the Facebook Graph API and other products like the Legacy REST API , FQL ,