Vulnerability Type
Privacy / Authentication
Vulnerability Scope
Main Site (
Bypass Admin Roles
Product / URL
Facebook pages
Description and Impact
Edit any facebook page to be community page for the attacker page
                                    Exploit Coded Into Chrome Extension by khalil shreateh
A Loophole in one of facebook pages functions allowed me to bypass admin roles and edit any facebook page, and the result was : 

As the picture above shows, editing any facebook page to be a community page for my official facebook page . 
                                                 Facebook security reply after POC
Description and Impact
Attacker can change facebook pages such as celebrities, politics, companies pages and use that edit for his own, even to post a message by creating a fake page and lead the victim pages fans to his page . 
Reading this picture will make it more clear for you about hwo much this exploit is dangerous:
I recorded this video explaining the damage that can occured for this vulnerability and how it works :

This vulnerability patched and doesnt work any more .
Feel free to leave your comment .