The flaw, discovered by a security researcher, made it possible not only to delete any video on Facebook shared by anyone, without having any permission or authentication, but also to disable commenting on the video of your choice.
Here's how to exploit this flaw:
In order to exploit this vulnerability, Melamed first created a public event on the Facebook page and uploaded a video on the Discussion part of the event.
While uploading the video, the researcher tampered with the POST request using Fiddler and then replaced the Video ID value of his video with the Video ID value of any other video on the social media platform.
Although Facebook responded to this with a server error, i.e. "This content is no longer available," the new video was successfully posted and displayed just fine.
Once this task was accomplished, Melamed deleted his event post, which eventually deleted the attached video.
And guess what? This in turn removed the video from the social networking site and the wall of the victim.
"You will also notice in the drop down section that there is the option to "Turn off commenting." This allows you to disable commenting on the video of your choice," Melamed writes.
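The steps above work because the server trusted a video ID supplied by the client. The Python model below is an added example, not Facebook's code or the researcher's; the `Store` class, its methods and the user names are constructed for illustration. It sets the flawed attach-and-cascade flow beside one that checks video ownership before the post is written and again before the cascading delete.

```python
# Constructed model of the missing ownership check; not Facebook's code.
from contextlib import suppress
from itertools import count

class Store:
    def __init__(self):
        # videos: id -> owner; posts: id -> (author, video_id)
        self.videos, self.posts, self._ids = {}, {}, count(1)

    def upload(self, owner):
        vid = next(self._ids)
        self.videos[vid] = owner
        return vid

    def _pop_post(self, author, post_id):
        owner, video_id = self.posts[post_id]
        if owner != author:
            raise PermissionError("not your post")
        del self.posts[post_id]
        return video_id

    # Flawed flow: the client-supplied video ID is trusted as-is.
    def create_post_unsafe(self, author, video_id):
        pid = next(self._ids)
        self.posts[pid] = (author, video_id)
        return pid

    def delete_post_unsafe(self, author, post_id):
        # Cascade removes the attachment without asking who owns it.
        self.videos.pop(self._pop_post(author, post_id), None)

    # Hardened flow: authorize the referenced video before any write.
    def create_post(self, author, video_id):
        if self.videos.get(video_id) != author:
            raise PermissionError("video does not belong to requester")
        return self.create_post_unsafe(author, video_id)

    def delete_post(self, author, post_id):
        video_id = self._pop_post(author, post_id)
        if self.videos.get(video_id) == author:  # re-check on cascade
            del self.videos[video_id]

def demo():
    s = Store()
    v1, v2 = s.upload("victim"), s.upload("victim")
    s.delete_post_unsafe("other", s.create_post_unsafe("other", v1))
    with suppress(PermissionError):
        s.create_post("other", v2)  # rejected, nothing is written
    return v1 in s.videos, v2 in s.videos  # (False, True)
```

The second ownership check in `delete_post` protects posts that were created before the first check existed and still reference someone else's video.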
Melamed responsibly reported the vulnerability to the Facebook security team, which patched the vulnerability within two weeks at the beginning of this year.
Shortly after patching the flaw, the social media giant rewarded him a $10,000 bug bounty for his efforts.
This is not the very first time that such a vulnerability, one that could have allowed attackers to delete any video from Facebook, has been disclosed. Bug bounty hunters continuously find and report such bugs to keep the social media platform safe and secure.