An Indian hacker named Varun contacted us through email and claimed to delete the admin of any Facebook page through a Zero-Day Facebook Exploit. Well, we were also shocked after viewing the mail and we tried every effort to verify the claim, but till now at the time of publishing we were unable to verify it.
Hacker also placed the exploit on sale for $5000 at http://1337day.com, 1337day is a website which has the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
A YouTube video was also attached by the hacker to make people believe about the exploit, but in real we are unable to verify the claim throughout the video also, because the video shows only the result of the exploit (deleted admin from a facebook page) it does not contain the process that hacker used, below is the screenshot from the video which shows the exploit result:
Above image shows a Facebook page without an admin, and according to fb, a page must have at least one admin, but there is not any admin in the above screenshot. Hacker claims to do this through his exploit and selling it out for worth $5000.
Detailed info of Exploit by hacker:
It is possible to delete the admin of any page just with a single click.This can also be converted into a bot or a worm leading to the deletion of admin of thousands of pages.
It is also possible to fully automate this worm.It is very effective when we aim for wide spread attack.Targeted attacks are also possible.This bug is not available public.This bug is tested against hundred’s for pages and is found working 100%.
Hacker also claims that it is not yet fixed by Facebook security team.
Still it is hard to believe about the working of exploit, but we are not totally regretting it, in-case it is real, hope Facebook patches it shortly.
he is just bullshit this is fake because i research and get how is possible listen make new group offcourse u will be admin there add some ppl there and leave group u will see group will have no admin and all ppl who join have receive mail who want suggest new group admin when users seletect new admin so new admin come otherwise group without admin show sorry for my bed english this is suck a trick for scamming ppl and all indian mada fucker bullshit scammers try to scam ppl $5000 this is just bullshit anthing much
Fucker!!!this is not a group…this is a fucking page !!!you just dont know the difference between page and a group…
Actually it isn’t fake, but you do have to know the page’s id, and an admin’s id. I personally have recreated the vulnerabilitiy from what the video has shown, and I have tested it out, and it worked.
Not possible. Cannot be recreated.
Its Simple ClickJacking bug in FB page.I have reproduced it and mailed to FB security team.
Soon will be patched :) time is ticking :)