Privacy / Authentication
Main Site (www.facebook.com)
Friends and Friends of Friends Tag Exploit
Description and Impact
users can tag friends (tested) and friends of friends (will be test later) in a post that friends cant remove the tag (untag) themself
Reproduction Instructions / Proof of Concept
To exploit this follow :
1 - create a new post with link preview and any text example: facebook security page https://www.facebook.com/security
2- Tag your friend(s) from the tag box beside feeling and place button .
3- click post .
now your friend will not be able to untag themself from your post .
POC VIDEO :