
Facebook: Bypass Admin Roles - July/2014

Vulnerability Type: Privacy / Authentication
Vulnerability Scope: Main Site (www.facebook.com)
Title: Bypass Admin Roles
Product / URL: Facebook pages
Description and Impact: Edit any Facebook page to be a community page for the attacker's page
Exploit Coded Into Chrome Extension by Khalil Shreateh
 
A loophole in one of the Facebook Pages functions allowed me to bypass admin roles and edit any Facebook page, and the result was:

 
As the picture above shows: editing any Facebook page to be a community page for my official Facebook page.
 
 
Facebook security reply after POC
 
Description and Impact
An attacker can change Facebook pages, such as celebrity, political, and company pages, and use that edit for his own purposes, even posting a message by creating a fake page and leading the victim page's fans to his page.
 
Reading this picture will make it clearer how dangerous this exploit is:
 
 
Bounty: 2500$
 
