Categories
Exploit Facebook Facebook Graph API PHP Security Vulnerable

Massive security flaw in Facebook and why should they fix it immediately before I take your girlfriend out to dinner tonight

Ok, Facebook Groups has a huge security flaw by which any group member  can pretend to be anyone else in that group, and post in the group on behalf of that user. It is FATAL. I’ve reported to Facebook and I hope they should take immediate action for it.

I had disclosed it in details hoping that they will notice it and fix it quickly, and taking it down again. So if any Facebook official wants to know in details, drop me a mail to hasin_at_leevio_dot_com or better check today’s submitted bug reports with a “MASSIVE SECURITY FLAW” text inside it.

Peace.
*update: submitted this again to facebook.com via their whitehat program and someone named Alex contacted me. He asked me a few questions on how to reproduce the flaw and he said that they are looking into it.

20 replies on “Massive security flaw in Facebook and why should they fix it immediately before I take your girlfriend out to dinner tonight”

This type of Bugs are badly uses in so many way. Social Engineering is an art of Hacking. If this vulnerability really works, FB users are in risk right now. But, please, do not publish real Exploit.Just wait for FB reply.

Anyway, Congratulation. 😀

oh ya right, and then people like tinkertim come and starts calling me by name and you guys enjoy that sitting in the gallery, eh?

that stupid guy was right – who the fuck I am to care for the bug – and why should I.

Leave a Reply

Your email address will not be published. Required fields are marked *