Bypass Facebook Protection/Block System
Description and Impact
As you know, Facebook's protection system is built to stop spammers, scammers, etc.
For groups there is a limit on adding friends: a user will be blocked if he adds 600 to 1200 of his friends using a script or tool.
Also, for sharing to groups, I think the maximum number of shares to groups is 7; after that the user will be blocked from sharing to groups.
Anyway, after doing some research I found that the domain *.facebook.com has no validation controls, or the Facebook system is not configured correctly to work on it.
Reproduction Instructions / Proof of Concept
For example, to bypass the limit on adding friends to a single group:
- Create an XHR request to add users by using the following URL:
*/groups/members/add/?purposes [hidden for security purposes]
var uid="778218884"; // loop for all friends
var Page=new XMLHttpRequest();
var PageURL="*a/groups/members/add/?purposes"; [hidden for security purposes]
The previous code can be run to add 8 friends or more per request, for fast adding.
Account A: used the normal adding method.
Account B: used the bypass exploit. [minute 2:58: exploit executed]
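On the defensive side, a limit like the one described above only holds if it is counted per account across every host and endpoint that reaches the action, and if a batched request is charged per member added. The sketch below is an added example, not Facebook's code and not part of the original report; the class name, the 24-hour window, and the host names are assumptions, and the traffic in `demo()` is constructed.

```javascript
// Hypothetical server-side limiter (added example, not Facebook's implementation).
const WINDOW_MS = 24 * 60 * 60 * 1000; // assumed window length
const MAX_ADDS = 600;                  // lower bound of the limit quoted in the report

class GroupAddLimiter {
  constructor(maxAdds = MAX_ADDS, windowMs = WINDOW_MS) {
    this.maxAdds = maxAdds;
    this.windowMs = windowMs;
    this.events = new Map(); // actorId -> [{ ts, count }]
  }

  // Sum of members this account added inside the sliding window.
  used(actorId, now) {
    const recent = (this.events.get(actorId) || [])
      .filter((e) => now - e.ts < this.windowMs);
    this.events.set(actorId, recent);
    return recent.reduce((sum, e) => sum + e.count, 0);
  }

  // `host` is returned for logging only. It is deliberately NOT part of the
  // key, so a request sent through another subdomain hits the same counter.
  check(actorId, host, memberIds, now = Date.now()) {
    const cost = memberIds.length; // charge per member, not per request
    const used = this.used(actorId, now);
    if (cost === 0 || used + cost > this.maxAdds) {
      return { allowed: false, used, cost, host };
    }
    this.events.get(actorId).push({ ts: now, count: cost });
    return { allowed: true, used: used + cost, cost, host };
  }
}

// Constructed traffic: one account, two hosts, batches of 8, limit of 20.
function demo() {
  const limiter = new GroupAddLimiter(20, 60000);
  const batch = (n) => Array.from({ length: n }, (_, i) => `uid-${i}`);
  return [
    limiter.check("acct-B", "www.example.test", batch(8), 1000),
    limiter.check("acct-B", "m.example.test", batch(8), 1001),
    limiter.check("acct-B", "m.example.test", batch(8), 1002), // 24 > 20
    limiter.check("acct-B", "www.example.test", batch(4), 1003),
  ].map((r) => r.allowed);
}
```
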