The flaw has been discovered yesteryear safety researcher delete whatever video on Facebook shared yesteryear anyone without having whatever permission or authentication but too to disable commenting on the video of your choice.
Here's how to exploit this flaw:
In gild to exploit this vulnerability, Melamed firstly created a populace effect on the Facebook page in addition to uploaded a video on the Discussion business office of the event.
While uploading the video, the researcher tampered the POST asking using Fiddler in addition to and then supervene upon the Video ID value of his video amongst Video ID value of whatever other video on the social media platform.
Although Facebook responded to this number amongst a server error, i.e. "This content is no longer available," but the novel video was successfully got posted in addition to displayed simply fine.
Once this chore was accomplished, Melamed deleted his effect post, which eventually deleted the attached video.
And approximate what? This inwards turned removed the video from the social networking site in addition to the wall of the victim.
"You volition too notice inwards the drib downwards department that at that spot is the alternative to "Turn off commenting." This allows you lot to disable commenting on the video of your choice," Melamed writes.
Video Demonstration
Melamed responsibly reported the vulnerability to the Facebook safety team, which patched the vulnerability inside ii weeks at the get-go of this year.
Shortly afterward patching the flaw, the social media giant rewarded him $10,000 põrnikas bounty for his efforts.
This is non the real firstly fourth dimension when such vulnerability has been disclosed inwards Facebook that could convey allowed attackers to delete whatever video from Facebook. Bug bounty hunters continuously honour in addition to study such bugs to drib dead along the social media platform condom in addition to secure.
