The Indian researcher Arul Kumar described the Facebook flaw thoroughly in his write-up. The flaw takes advantage of the Facebook Support Dashboard. It was classed “critical” and was most effective when applied to mobile devices, although the bug also applied to any browser and version.
Normally the Facebook Support Dashboard works by sending Photo Removal requests to the company. These requests, after being reviewed by Facebook employees, result in a link being generated for the owner to click and remove the photo. The process went wrong at the point where the message was sent: two of its parameters were vulnerable. An attacker could modify them and receive any photo removal link in their own inbox, without the owner even knowing.
Arul Kumar said that as a result of the bug, any photo could be removed from pages and users, shared and tagged images could be deleted and photos could be removed from groups, pages and suggested posts.
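The class of flaw described above, sketched as an added example that is not Facebook's code or the researcher's: a removal-link handler that trusts a recipient taken from the request, next to one that resolves the owner server-side. All names (`PHOTO_OWNER`, `recipient_id`, the account names) are hypothetical, and the example assumes the request carries a photo identifier and a recipient identifier.

```python
import secrets

# Constructed sample data: photo id -> owning account (hypothetical names).
PHOTO_OWNER = {"photo-100": "alice", "photo-200": "bob"}
INBOX = {}    # account -> list of (photo id, token) removal links delivered
PENDING = {}  # one-time token -> photo id
AUDIT = []    # (reporter, photo id) pairs where the request looked tampered

def _deliver(account, photo_id):
    """Issue a one-time removal token and place it in the account's inbox."""
    token = secrets.token_urlsafe(16)
    PENDING[token] = photo_id
    INBOX.setdefault(account, []).append((photo_id, token))
    return token

def request_removal_vulnerable(reporter, photo_id, recipient_id):
    """Flawed pattern: the link goes to whoever the request names."""
    return _deliver(recipient_id, photo_id)

def request_removal_hardened(reporter, photo_id, recipient_id=None):
    """Recipient comes from the server's ownership record, never the request.
    A client-supplied recipient that disagrees is logged for review."""
    owner = PHOTO_OWNER.get(photo_id)
    if owner is None:
        raise LookupError("unknown photo")
    tampered = recipient_id is not None and recipient_id != owner
    if tampered:
        AUDIT.append((reporter, photo_id))
    return _deliver(owner, photo_id), tampered

def confirm_removal(session_user, token):
    """The link is honoured only for the authenticated owner, and only once."""
    photo_id = PENDING.get(token)
    if photo_id is None or PHOTO_OWNER.get(photo_id) != session_user:
        return False
    del PENDING[token]
    del PHOTO_OWNER[photo_id]
    return True
```

Checking ownership again in `confirm_removal` means a leaked or misdelivered link is still useless to anyone but the photo's owner.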
Facebook’s Bug Bounty program, which encourages researchers to report what they find for a financial reward, has given Mr Kumar $12,500 for his findings. It has also fixed the bug.
[Image via quickbytes]