Weeks ago I posted "Facebook 0day authentication bypass vulnerability - [like + comment] on non-friends posts".
Last year Facebook started giving users the ability to change the username that they want to use to leave comments on pages: a user can pick one of his pages to leave comments on other pages' posts. However, this can't be produced on users' posts, just on pages.
After I looked around using Facebook Mentions, I noticed that there is a way to leave comments on users' public posts, even if they restrict comments/likes to friends only, so I went ahead and made a report to the Facebook security team.
According to their reply to me, they said this can't be produced by any Facebook user, and also that the target user can deal with it (delete/block).
It seems that Facebook is giving more privileges to Public Figures than to other users. What do you think? Is it legal?!
Watch it on YouTube: http://youtu.be/
Note: Please do not copy this article without my permission.