Vulnerability Type
Privacy / Authentication
Vulnerability Scope
Main Site (www.facebook.com)
Title
Bypass Admin Roles
Product / URL
Facebook pages
Description and Impact
Edit any Facebook page to be a community page for the attacker's page

Exploit Coded Into Chrome Extension by Khalil Shreateh
A loophole in one of Facebook Pages' functions allowed me to bypass admin roles and edit any Facebook page, and the result was:

The picture above shows any Facebook page being edited to be a community page for my official Facebook page.

Facebook security reply after POC
Description and Impact
An attacker can change Facebook pages, such as celebrity, politics and company pages, and use that edit for his own ends, even to post a message by creating a fake page and leading the victim page's fans to his page.
Reading this picture will make it clearer how dangerous this exploit is:

I recorded this video explaining the damage that can occur from this vulnerability and how it works:
https://www.youtube.com/watch?v=mNEY4p7XkXc
This vulnerability has been patched and doesn't work any more.
Feel free to leave your comment.