Vulnerability Name: Page admin disclosure vulnerability
Impact :
This vulnerability allowes Facebook user to know who is the admin of any Facebook page
Details :
One of Facebook last year updates allows users to choose one of their pages usernames to leave a comment with, They replaced the old style where we was able to change from our page username to our account username from the top of the page . As you see in the above picture i have different usernames i can choose between to leave a comment on my page post or any other facebook page post .
After making few tests i was able to take the advantage of this new feature to exploit it in other behavior where i can know any page admin :) . Sorry there will be no code to display or POC video .
Timeline Report :
First Report : Oct 13, 2014 9:02pm
FB Reply : Oct 14, 2014 1:41am Asking for a POC Video and more information .
Second Report: Oct 14, 2014 7:53am POC Video Attached .
FB Reply: Oct 18, 2014 2:11am Failed To Exploit .
Third Report: Oct 18, 2014 7:49am More information and wondering why it did not work .. etc
FB Reply:
This Vulnerability Patched Weeks Ago.
Feel Free To Leave Your Comment