Category: Exploit

Massive security flaw in Facebook and why should they fix it immediately before I take your girlfriend out to dinner tonight

Ok, Facebook Groups has a huge security flaw by which any group member  can pretend to be anyone else in that group, and post in the group on behalf of that user. It is FATAL. I’ve reported to Facebook and I hope they should take immediate action for it.

I had disclosed it in details hoping that they will notice it and fix it quickly, and taking it down again. So if any Facebook official wants to know in details, drop me a mail to hasin_at_leevio_dot_com or better check today’s submitted bug reports with a “MASSIVE SECURITY FLAW” text inside it.

Peace.
*update: submitted this again to facebook.com via their whitehat program and someone named Alex contacted me. He asked me a few questions on how to reproduce the flaw and he said that they are looking into it.