The Latest Vulnerability in Facebook revealed by an Indian Security Researcher named “Arul Kumar”, he found out an vulnerability which could allow to delete photo of any Facebook user within a minute.
Within a Minute, yes it is like that, he found a Loop hole in The Support Dashboard of Facebook, he also explained the Vulnerability in his blog, he writes:
Vulnerable URL & Parameters:
https://m.facebook.com/report/social/?phase=0&next_phase=8&pp={"first_dialog_phase": 8,"support_dashboard_item_id":396746693760717,"next":"\/settings\/support\/details\/?fbid=396746693760717","actions_to_take":"{\"send_message\":\"send_message\"}"}&content_type=2&cid=PHOTO_ID&rid=PROFILE_ID
After Including those values ,Press enter.Then If you click “Continue” Button Facebook will automatically send photo Removal Link to your Receiver Profile.From your Receiver Profile,You can able to remove photo which you have added in that Vulnerable Parameter.Now this Bug has been Fixed fully.
He also uploaded a video to show the vulnerability:
Facebook also awarded him $12,500 as he reported this vulnerability to Facebook Security team, last month a security researcher from Palestine hacked Mark Zuckerberg’s Timeline to report a BUG but was not awarded because he violated the terms & conditions of Facebook. Later a donation campaign raised thousands of dollars for him.
Today, the hacker who hacked the Mark’s timeline gets his own account hacked by a hacker, who used Brute Force attack to crack his password.
