Vulnerability Type
Privacy / Authentication
Vulnerability Scope
Main Site (www.facebook.com)
Title
Friends and Friends of Friends Tag Exploit
Description and Impact
users can tag friends (tested) and friends of friends (will be test later) in a post that friends cant remove the tag (untag) themself
Reproduction Instructions / Proof of Concept
To exploit this follow :
1 - create a new post with link preview and any text example: facebook security page https://www.facebook.com/security
2- Tag your friend(s) from the tag box beside feeling and place button .
3- click post .
now your friend will not be able to untag themself from your post .
Bounty : 1500$