The Latest in IT Security

Researcher Discovers Facebook Flaw that Allowed Hackers to Delete Posted Photos

04 Sep 2013

Indian researcher Kumar discovered a flaw on Facebook that would have allowed hackers to delete any posted photo they wanted on the site. Through the site’s White Hat program, Kumar has been paid $12,500 for his efforts.

The bug worked by exploiting Facebook’s Support , and functioned on any browser and with any version of Facebook. According to Kumar, the bug was actually most effective on . The Facebook Support function allows users to send Photo to the site, which are reviewed by employees who can then send a link or report back to the user allowing them to remove the image.

However, this bug allows hackers to receive the “delete photo” link themselves without the actual owner of the image ever finding out. Hackers could essentially exploit the code by changing a few numerals in a page’s URL to send the “delete photo” link to themselves, and could take down on individual , group pages, and more. It’s a frighteningly simple bug, and that’s most likely why Kumar received such a hefty payday; the minimum bug bounty paid out by Facebook is $500, and the average is typically around $1,500.
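As an added illustration (not Facebook's code and not part of the original article), the sketch below models the flaw described above as a removal-link handler that trusts an account number taken from the URL, next to a version that takes the recipient from the server's own ownership record. All names, the numeric IDs and the `recipient_id` parameter are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample data: server-side record of which account owns which photo.
PHOTO_OWNERS = {1001: 501, 1002: 502}


@dataclass(frozen=True)
class RemovalRequest:
    session_account: int  # set by the server from the authenticated session
    photo_id: int         # taken from the URL (client-controlled)
    recipient_id: int     # taken from the URL (client-controlled); hypothetical name


def recipient_vulnerable(req: RemovalRequest) -> int:
    """'Before': the removal link goes to whichever account the URL names."""
    return req.recipient_id


def recipient_hardened(req: RemovalRequest) -> int:
    """'After': the recipient comes only from the server's ownership record."""
    owner = PHOTO_OWNERS.get(req.photo_id)
    if owner is None:
        raise LookupError("unknown photo")
    if req.recipient_id != owner:
        # A mismatch means the URL was edited: refuse, and leave a trace for review.
        raise PermissionError(
            f"account {req.session_account} asked to route photo {req.photo_id} "
            f"to {req.recipient_id}; recorded owner is {owner}"
        )
    return owner


def flag_tampered(requests):
    """Detection pass over logged requests: those whose recipient is not the owner."""
    return [r for r in requests if PHOTO_OWNERS.get(r.photo_id) != r.recipient_id]


if __name__ == "__main__":
    honest = RemovalRequest(session_account=777, photo_id=1001, recipient_id=501)
    edited = RemovalRequest(session_account=777, photo_id=1001, recipient_id=777)
    print("vulnerable routes link to:", recipient_vulnerable(edited))
    print("hardened routes link to:", recipient_hardened(honest))
    print("flagged in log review:", flag_tampered([honest, edited]))
```

The same comparison that rejects the request in `recipient_hardened` can be run over stored request logs, as `flag_tampered` does, to find earlier attempts.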

 
