You can now find Cyber Kendra on Google News | Telegram

Vulnerability in Facebook allows Hacker to Delete any Photo Album

Vulnerability in Facebook allows Hacker to Delete any Photo Album, Security flaw could've deleted every photo on Facebook, Hacker finds vulnerability in Facebook, can delete your photo albums, Security researcher discovers vulnerability in Facebook which allows anyone to delete any Photo Albums, How to hack Facebook photo album of every user , hacking facebook 2015, facebook bug bounty
A critical vulnerability on Facebook has been discovered by the security researcher which allow him to delete anyone's complete photo album and that also without the victim authentication. This was critical security bug on Facebook which was recently reported by the India security researcher.

Researcher Laxman Muthiyah,  was person behind it who discovered this security issue. Laxman explained that the bug was resides in the Graph API, which allow him to delete any photo's album of any facebook users, even of fan page or facebook group.

On the blog post Laxman wrote that, Facebook developers documentation reveals that, photo albums cannot be deleted using the album node in Graph API. But then also he tried to delete his own photo album using graph explorer access token.  On testing this he had got the error message which reads - Application does not have the capability to make this API call. 

In response to the error message that he got, he made some tweaks and once again tried the same, but this time he use Facebook for Mobile access token. Laxman noted - we can see delete option for all photo albums in Facebook mobile application isn't it? Yeah and also it uses the same Graph API. 

As on Facebook for mobile, there is no option to delete photo album, so he took the Album ID and Facebook for android access token, and send the same HTTP delete request to the facebook server. This was all done, as Facebook have completed the request successfully.

So to deleted photos album of any users, he just need to send a HTTP request with the victim photo album ID, which allow him to deleted any users photo albums.

For the proof-of-concept researcher  have demonstrated the process in a video, which you can see below.
He reported the bug to Facebook security team, and within 24 hours Facebook team had patched the vulnerability and in response to the Facebook Bug Bounty program, he was rewarded with $12,500 monetary reward. 

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.