Facebook vulnerability persists 10 months later


A bug reported to Facebook earlier this year, which allows an attacker to publish on someone else's Timeline without permission, is still present ten months later.

Last year, researcher Vivek Bansal reported the vulnerability to Facebook's security team, showing that access tokens for mobile apps could be used to post to a third party's Timeline without the necessary permission. (Note that an application may not "post" text or links to a user's Timeline without the "required permission from the account holder".)
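The defect described above is an authorization check that trusts the app's token but never ties the write to the consent of the account whose Timeline is being written to. The following is an added example (not Facebook's code and not the researcher's script) that contrasts that weak check with a hardened one; the service, the `AccessToken` fields and the `publish_timeline` scope name are hypothetical placeholders, not Facebook's real API:

```python
from dataclasses import dataclass

# Hypothetical scope name standing in for "permission to publish to a Timeline".
PUBLISH_SCOPE = "publish_timeline"


@dataclass(frozen=True)
class AccessToken:
    """A bearer token an app obtained from one specific account holder (hypothetical shape)."""
    app_id: str
    user_id: str          # the account holder who authorised this app
    scopes: frozenset     # permissions that account holder granted


class PermissionDenied(Exception):
    pass


class TimelineService:
    """Minimal in-memory Timeline store used only to contrast the two checks."""

    def __init__(self):
        self.posts = []   # list of (target_user_id, app_id, text)

    def post_vulnerable(self, token, target_user_id, text):
        # Defect pattern: the token proves the app is legitimate, so the write is
        # accepted regardless of whose Timeline is targeted or whether that
        # account holder ever granted a publish permission.
        if not token.app_id:
            raise PermissionDenied("no app identity")
        self.posts.append((target_user_id, token.app_id, text))
        return True

    def post_hardened(self, token, target_user_id, text):
        # Check 1: the token must actually carry the publish permission.
        if PUBLISH_SCOPE not in token.scopes:
            raise PermissionDenied(f"app {token.app_id} lacks {PUBLISH_SCOPE}")
        # Check 2: the permission must come from the owner of the target Timeline.
        # A token granted by user A never authorises a write to user B's Timeline.
        if token.user_id != target_user_id:
            raise PermissionDenied(
                f"token from {token.user_id} cannot write to {target_user_id}")
        self.posts.append((target_user_id, token.app_id, text))
        return True


def attempt(handler, token, target_user_id, text):
    """Run one write attempt and report 'posted' or 'denied'."""
    try:
        handler(token, target_user_id, text)
        return "posted"
    except PermissionDenied:
        return "denied"


def run_demo():
    """Constructed scenario: app 'app1' holds a publish token from alice and a
    scope-less token from alice, and tries to write to bob's and alice's Timelines."""
    svc = TimelineService()
    alice_publish = AccessToken("app1", "alice", frozenset({PUBLISH_SCOPE}))
    alice_readonly = AccessToken("app1", "alice", frozenset())
    return {
        # weak check: a scope-less token still lands a post on bob's Timeline
        "vuln_readonly_to_bob": attempt(svc.post_vulnerable, alice_readonly, "bob", "hi"),
        # hardened: alice's publish grant does not extend to bob's Timeline
        "hard_publish_to_bob": attempt(svc.post_hardened, alice_publish, "bob", "hi"),
        # hardened: missing scope is refused even on alice's own Timeline
        "hard_readonly_to_alice": attempt(svc.post_hardened, alice_readonly, "alice", "hi"),
        # hardened: correct owner plus correct scope is the only accepted case
        "hard_publish_to_alice": attempt(svc.post_hardened, alice_publish, "alice", "hi"),
        "posts": list(svc.posts),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The two hardened checks are deliberately separate: a missing scope and a mismatched owner are different failure modes, and logging which one fired is what lets a regression like the one the article describes be spotted in monitoring rather than by an outside researcher re-running a ten-month-old script.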

The vulnerability still exists ten months later

For reporting this bug to Facebook, Bansal received a $2,000 reward and was inducted into the Hall of Fame of researchers who have identified serious problems with the security mechanisms of the social networking platform. However, it seems that the vulnerability has either resurfaced through code modifications, or someone forgot to fix it, with the first explanation being the more likely one.
Recently, Bansal followed the same script he used for the original bug demonstration and noticed that everything worked as if no changes had been made. A video he posted (see below) last Tuesday showed that the vulnerability was still active. When Bansal was asked whether he had tested the script on a more recent date to determine if the vulnerability still existed, he replied that his most recent test was on Monday, and the flaw was still present.

It's hard to believe that Facebook paid the researcher and its engineers then forgot to fix the vulnerability, though it's not impossible for that to happen. The more likely scenario is that they forgot to re-examine the patch at a later time. This theory is reinforced by the fact that Bansal received word from Facebook at the beginning of the year informing him that the vulnerability had been fixed and that he was free to publish his findings. See the recent demonstration of the bug:

iGuRu.gr The Best Technology Site in Greece

Written by Dimitris

Dimitris hates on Mondays .....
