Javascript Decoder

 

 

 

Vulnerability Type
Privacy / Authentication
 
Vulnerability Scope
Main Site (www.facebook.com)
 
 
Title
Friends and Friends of Friends Tag Exploit
 
 
Description and Impact
 
users can tag friends (tested) and friends of friends (will be test later) in a post that friends cant remove the tag (untag) themself
 
 
 
Reproduction Instructions / Proof of Concept
To exploit this follow :
1 - create a new post with link preview and any text example: facebook security page https://www.facebook.com/security
 
2- Tag your friend(s) from the tag box beside feeling and place button .
 
3- click post .
 
now your friend will not be able to untag themself from your post .
 
POC VIDEO :

 

khalil shreateh

Share your comment publicly