An Indian hacker named Varun contacted us by email and claimed to be able to delete the admin of any Facebook page using a zero-day Facebook exploit. We were shocked when we read the email and made every effort to verify the claim, but at the time of publishing we have been unable to do so.
The hacker has also put the exploit up for sale for $5000 at http://1337day.com. 1337day is a website that hosts an extensive database of exploits and vulnerabilities and is a great resource for vulnerability researchers and security professionals.
The hacker also attached a YouTube video to support the claim, but we could not verify the claim from the video either, because it shows only the result of the exploit (an admin deleted from a Facebook page) and not the process the hacker used. Below is the screenshot from the video that shows the result of the exploit:
The image above shows a Facebook page without an admin. According to Facebook, a page must have at least one admin, yet no admin appears in the screenshot. The hacker claims to have done this with his exploit and is selling it for $5000.
Details of the exploit, as provided by the hacker:
It is possible to delete the admin of any page just with a single click. This can also be converted into a bot or a worm leading to the deletion of admin of thousands of pages.
It is also possible to fully automate this worm. It is very effective when we aim for a widespread attack. Targeted attacks are also possible. This bug is not available publicly. This bug is tested against hundreds of pages and is found working 100%.
The hacker also claims that it has not yet been fixed by the Facebook security team.
It is still hard to believe that the exploit works, but we are not rejecting the claim entirely. In case it is real, we hope Facebook patches it shortly.