Khalil Shreateh specializes in cybersecurity, particularly as a "white hat" hacker. He focuses on identifying and reporting security vulnerabilities in software and online platforms, with notable expertise in web application security. His most prominent work includes discovering a critical flaw in Facebook's system in 2013. Additionally, he develops free social media tools and browser extensions, contributing to digital security and user accessibility.

Get Rid of Ads!


Subscribe now for only $3 a month and enjoy an ad-free experience.

Contact us at khalil@khalil-shreateh.com

The vulnerability is something new in hacking techniques, i called it Remote Code Crush (RCC) . 

Vulnerability Name: Facebook Remote Code Crush

Coded By : Khalil Shreateh

 

What is RCC Vulnerability ?

This type of vulnerabilities are different that Remote Code Execution (RCE) [The ability an attacker has to access someone else's computing device and make changes, no matter where the device is geographically located]. While RCC can change part of web application codes. 

Exploit

First i created a new post, then i tagged users on that post, after that i send a custom Payload to crush the tagged post . the tagged users (victims) will have no control on that post, they can not untag themselves, report it or even stop its notifications, because i crushed the post menu. 

RCC Screenshot: Menu crushed, replaced with "There was an error processing your request."

POC

This video recorded in both English and Arabic language, enjoy watching