Monday, November 10, 2014

Facebook Has Been Hackable Through a Script for 11 Months
---------------------------------------------------------------------------------------------
 

An Indian security researcher named Vivek Bansal reported an issue that he found in Facebook a year ago, and for finding it he received $2000 under Facebook's own bug bounty program. It was shocking to hear from Vivek that the same bug still exists and that a master developer is able to post malicious or promotional links to your friends' timelines without your permission.

If this is confusing, see the screenshot below, in which a notification appears saying that someone posted on your timeline. In the picture below, Vivek appears as the person who posted on a friend's timeline, but he did not actually post; the post was originally sent from the developer's end through a script written by Vivek.



Vivek notified the Facebook Security team about the issue in December last year and received a reply saying that the issue had been identified by the team and that Vivek could now publicize the bug.

“Around 11 months back I had written a script where, through any mobile/web application, I can post any message, image or video on the user’s and his friend’s timeline on behalf of the user without taking any prior permission”—VIVEK BANSAL.
---------------------------------------------------------------------------------------------
About the Vulnerability:
---------------------------------------------------------------------------------------------
This vulnerability is on the developer end. For example, whenever you use a Facebook app, a notification tells you which permissions are being given to the app, such as access to contacts, profile and more. Vivek shows in a demo video that an app that is only able to access your Basic Info is able to post anything on your friends' timelines without using your credentials.
This vulnerability is used by some notorious developers.

Facebook decided to nominate Vivek for the Bug Bounty of USD 2000 and also included him in the HALL OF FAME.

You may be wondering about the script written by Vivek, but unfortunately it will remain undisclosed until the vulnerability is fixed.

This vulnerability still persists in Facebook's systems, which tells us how lax Facebook's security researchers are in patching vulnerabilities. This is a bug that allows an attacker to earn money from clicks on links, install malware when the links are clicked, and more.
