Massive security flaw in Facebook and why should they fix it immediately before I take your girlfriend out to dinner tonight

Ok, Facebook Groups has a huge security flaw by which any group member can pretend to be anyone else in that group, and post in the group on behalf of that user. It is FATAL. I’ve reported it to Facebook and I hope they take immediate action on it.

I had disclosed it in detail, hoping that they would notice it and fix it quickly, and am taking it down again. So if any Facebook official wants to know the details, drop me a mail at hasin_at_leevio_dot_com or, better, check today’s submitted bug reports for one with the text “MASSIVE SECURITY FLAW” inside it.

Peace.
*update: submitted this again to facebook.com via their whitehat program and someone named Alex contacted me. He asked me a few questions on how to reproduce the flaw and he said that they are looking into it.

21 thoughts on “Massive security flaw in Facebook and why should they fix it immediately before I take your girlfriend out to dinner tonight”

  1. Hard to believe this kind of huge security flaw. But I like this line, “who knows, I may take your secret crush out to dinner tonight pretending to be you” :D :D :D

  2. Bugs of this type are badly used in so many ways. Social engineering is an art of hacking. If this vulnerability really works, FB users are at risk right now. But, please, do not publish the real exploit. Just wait for FB's reply.

    Anyway, congratulations. :D

    • Oh ya, right, and then people like tinkertim come and start calling me by name and you guys enjoy that sitting in the gallery, eh?

      That stupid guy was right – who the fuck am I to care about the bug – and why should I.
