Post on Hidden Facebook Timelines
andrey, Monday, 21 July 2014

Vulnerability Type: Privacy / Authentication
Vulnerability Scope: Main Site (www.facebook.com)
Title: Post on hidden facebook timelines
Product / URL: https://www.facebook.com/

Description and Impact
You may not understand what I'm saying unless you look at the video given above. I have uploaded a video that shows the exploitation of the bug; however, the script code isn't shown in the video.

I wrote some JavaScript code; after running this code we can see that we posted on hidden timelines. You can see that in the screenshot.

First response from Facebook Security team:

[Image: Post on Hidden Facebook Timelines]

Before finding something odd, Facebook patched the bug.

Reproduction Instructions / Proof of Concept

For better understanding, please watch the video: https://www.youtube.com/watch?v=We84sG1MmSE

I reported the bug to the Facebook Security team. As the bug was not so serious, the Facebook Security team confirmed that the bug doesn't produce any privacy or security risk, that it isn't eligible to be considered a bug, and also that I will not get any bounty payout.

I completely agree with the Facebook Security team.

This bug is patched and now I can't post on these hidden timelines.
by Jillur Rahman
