Monday 19 August 2013

Hack News Reported on 17/08/13

Palestinian Hacker Posts Vulnerability Details on Mark Zuckerberg's Timeline


A Palestinian web developer and hacker, Khalil Shreateh, found an interesting vulnerability in Facebook that allows an attacker to bypass the privacy settings and post on anyone's timeline/wall.


He was forced to post the vulnerability details on the timeline of Mark Zuckerberg (Facebook's founder) to prove his point, after the Facebook security team failed to recognize his critical vulnerability three times. The flaw even works against victims who are not on the attacker's friends list.

According to Facebook's bug bounty program, a researcher has to submit the flaw details via email to the Facebook security team without disclosing the details in public. To get the minimum reward of US$500, the flaw must be valid.

The reported vulnerability is in Facebook's "Composer.php" file. Khalil first made a post on the timeline of a girl, "Sarah Gooden", who studied at the same college as Facebook CEO Mark Zuckerberg.

But the Facebook security team was not able to reproduce the bug the first time, and they replied, "Sorry, this is not a bug". At last he described his disappointing experience with the security team, along with the flaw details, on Zuck's wall to prove his report, and shortly afterwards he received a response from a Facebook engineer requesting all the details about the vulnerability.

After receiving the third bug report, a Facebook security engineer finally admitted the vulnerability but said that Khalil won't be paid for reporting it because his actions violated the website's security terms of service.

Thanks

Regards
Toxic Hack
