Facebook: Bypass Admin Roles - July/2014
Vulnerability Type: Privacy / Authentication
Title: Bypass Admin Roles
Product / URL: Facebook pages
Description and Impact: Edit any Facebook page to be a community page for the attacker's page
Exploit coded into a Chrome extension by Khalil Shreateh
A loophole in one of the Facebook pages functions allowed me to bypass admin roles and edit any Facebook page, and the result was:
As the picture above shows, editing any Facebook page to be a community page for my official Facebook page.
Facebook security reply after POC
Description and Impact
An attacker can change Facebook pages, such as celebrities', politics and companies' pages, and use that edit for his own purposes, even to post a message by creating a fake page and lead the victim page's fans to his page.
This picture makes it clearer how dangerous this exploit is: