FACEBOOK VULNERABILITY JULY / 2014 - Bypass Admin Roles

Vulnerability Type: Privacy / Authentication
Vulnerability Scope: Main Site (www.facebook.com)
Title: Bypass Admin Roles
Product / URL: Facebook pages
Description and Impact: Edit any Facebook page to be a community page for the attacker's page
[Image: Exploit coded into a Chrome extension by Khalil Shreateh]
 
A loophole in one of Facebook's page functions allowed me to bypass admin roles and edit any Facebook page, and the result was:

[Image]

As the picture above shows, I could edit any Facebook page to be a community page for my official Facebook page.
 
 
[Image: Facebook security reply after POC]
 
Description and Impact
An attacker can change Facebook pages, such as the pages of celebrities, political figures and companies, and use that edit for his own page, even posting a message by creating a fake page and leading the victim page's fans to his page.
 
Reading this picture will make it clearer how dangerous this exploit is:
[Image]
 
I recorded this video explaining the damage that can occur from this vulnerability and how it works:

https://www.youtube.com/watch?v=mNEY4p7XkXc

 
This vulnerability has been patched and doesn't work any more.
Feel free to leave your comment.
 
 

Tags: security, facebook, vulnerabilities, exploits


Copyright © 2016 Twitter/shreateh