HackRead

Deleting anyone’s Facebook photo, a bug that earned researcher $10,000

November 27th, 2017 | Waqas | Security, Privacy, Social Network News

The social media giant Facebook has more than 2 billion monthly active users, so when there is a bug in it, that’s big news. Recently, an Iranian security researcher discovered a critical bug that allowed anyone to delete any photo from any user on Facebook without having access to their account.

The researcher, who goes by the name of Pouya Darabi, found the bug while going through new features introduced by Facebook and noted that the newly added “poll feature” on the site carried a flaw that could be exploited to remove photos from an account without the user’s knowledge or permission.

Facebook introduced the poll feature earlier this month for its website and mobile app. It allows users to create polls and upload photos or GIFs to go along with each option. Darabi noted that whenever he tried to create a poll, a request containing a GIF URL or image ID was sent, and when this field’s value was changed to any other image’s ID, that image would be shown in the poll. After sending a request with another user’s image ID, a poll containing that image would be created. Once he deleted the poll, Facebook would remove the victim’s image as a poll property.

This means a poll creator could delete anyone’s photo on Facebook by just using the image ID without needing to log in to a victim’s account. “Whenever a user tries to create a poll, a request containing gif URL or image ID will be sent, poll_question_data[options][][associated_image_id] contains the uploaded image id,” Darabi said. “When this field value changes to any other images ID, that image will be shown in the poll,” said Darabi.
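The flaw described above is a missing ownership check on a client-supplied object ID, combined with a delete that cascades to whatever the poll references. As an added example (not Facebook's code and not taken from the researcher's report), this constructed in-memory model shows the flawed flow beside a version that verifies ownership; `PollService`, `check_owner` and the sample IDs are hypothetical.

```python
# Constructed in-memory model; not Facebook's code. All names are hypothetical.
class Forbidden(Exception):
    pass

class PollService:
    def __init__(self, photos, check_owner):
        self.photos = photos            # image_id -> owner user_id
        self.polls = {}                 # poll_id -> {"owner": ..., "images": [...]}
        self.check_owner = check_owner  # False reproduces the flawed behaviour
        self._next_id = 1

    def create_poll(self, user, image_ids):
        for image_id in image_ids:
            if image_id not in self.photos:
                raise KeyError(image_id)
            # Fix: an ID sent by the client is a claim, not proof of ownership.
            if self.check_owner and self.photos[image_id] != user:
                raise Forbidden(f"{user} does not own image {image_id}")
        poll_id = self._next_id
        self._next_id += 1
        self.polls[poll_id] = {"owner": user, "images": list(image_ids)}
        return poll_id

    def delete_poll(self, user, poll_id):
        poll = self.polls[poll_id]
        if poll["owner"] != user:
            raise Forbidden("not the poll owner")
        del self.polls[poll_id]
        for image_id in poll["images"]:
            if not self.check_owner:
                self.photos.pop(image_id, None)   # flawed: trusts the stored ID
            elif self.photos.get(image_id) == user:
                # Defence in depth: cascade only to images the poll owner owns.
                self.photos.pop(image_id)

def run_scenario(check_owner):
    """Return True if the other user's photo survives the create/delete cycle."""
    photos = {101: "alice", 202: "bob"}   # constructed sample data
    svc = PollService(photos, check_owner)
    try:
        poll_id = svc.create_poll("bob", [101])   # bob references alice's image
        svc.delete_poll("bob", poll_id)
    except Forbidden:
        pass
    return 101 in photos
```

The check belongs at both points: rejecting the foreign ID at creation closes the reported path, and scoping the cascade at deletion limits the damage if another code path ever stores an unowned ID.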

Darabi reported the bug to Facebook, and in return, he was paid an amount of $10,000.

Facebook is not new to such bugs. In fact, an Indian web developer reported a similar bug while playing around with the Graph API that would allow anyone to delete every photo of any Facebook user without accessing the victim’s account.

Another researcher discovered a critical vulnerability in Facebook that allowed him to access anyone’s account password without much hassle. In return, he was paid $15,000 by the social media giant. There are several other incidents where people submitted reports on bugs in Facebook which can be read here.
