You can now find Cyber Kendra on Google News | Telegram

Facebook rewarded $33,500 as bounty for Remote Code Execution

Facebook rewarded $33,500 as bounty for Remote Code Execution, Facebook bounty reward, facebook hack, hacking facebook, Reginaldo Silva bounty, hacking facebook by Reginaldo Silva, site of Reginaldo Silva
Security concern the major role on the company's infrastructure internally or externally. For this concern many of the firms have announced the bug bounty programs. Firms like Google, Facebook, Microsoft, Yahoo and others too have started a bounty program for the hackers and researcher to give reward of there work.

Last year, Facebook have gave about $8,500 to the Indian researcher for reporting a bug on the Facebook, which was the highest reward paid by the Facebook as bounty. But Recently this reward amount has been broken by the Brazilian hacker "Reginaldo Silva", who was rewarded a bounty of $33,500.

Silva have reported a Remote Code Execution (RCE) vulnerability to Facebook. Vulnerability allows the attacker to see the any files from the server and also to execute any malicious code on the server.

Earlier Silva had discovered XML External Entity Expansion bug in the Drupal that handled OpenID. With the same exploit he found Google's App Engine and Blogger also gets effected. This bug is not much effective to the Google server, but then also Google rewarded $500 as a bounty to him.

After this, Silva learned that Facebook also use OpenID technology on "Forget Password" Page. So he tested his exploit on it, and he managed to discover XXE bug in Facebook that allowed him to see the "etc/password" files from the server.

He have reported a bug to facebook, and Facebook security team responded him quickly and fixed the bug with in 3.5 hours.

After getting fixing the report from Facebook, he asked to managed his access to further more. Silva test the vulnerability again and reported that the issue is fixed. For this bug report Facebook awarded reward of $33,500 to Silva, which is the highest reward ever given by Facebook to any researcher.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.