A security flaw that allowed anyone, even without special knowledge of hacking, to delete any photo uploaded to Facebook was discovered by the Indian security researcher Arul Kumar (the term "security researcher" is the positive counterpart of the term "hacker"). Arul Kumar received 12,500 dollars from Facebook for his discovery.
The flaw, as Arul Kumar explains on his blog, exploits the Facebook Support service. The vulnerability was considered critical and works with any browser and every version.
The Facebook Support dashboard is used to send requests to delete posts, pages or photos. Requests are evaluated by Facebook workers, or alternatively they are sent to the owner of the photo (if it is a photo). Along with the deletion request, a link is also sent which, when clicked, deletes the photo in question.
The link contains two parameters: Photo_id and the owner's Profile_id. That is, it describes exactly which image it is and who the owner is. If these two parameters are modified, the hacker could delete any photo without the owner knowing.
Each photo has a "fbid" value, which can be found in the URL of the photo and is essentially its identity.
The owner's profile ID can be found using Facebook Graph.
Arul Kumar gave some examples:
https://m.facebook.com/report/social/?phase=0&next_phase=8&pp={"first_dialog_phase": 8,"support_dashboard_item_id":396746693760717,"next":"\/settings\/support\/details\/?fbid=396746693760717","actions_to_take":"{\"send_message\":\"send_message\"}"}&content_type=2&cid=PHOTO_ID&rid=PROFILE_ID
Look at the URL. You can see the "cid" and "rid" parameters, which carry the "photo_id" and "profile_id" values; by changing these values, any photo could be removed.
Then, on clicking the "Continue" button, Facebook would automatically send a photo removal link to the profile that was set.
If this sounds like a good idea, do not try it, because the bug has already been corrected.
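The root cause described above is that the recipient of the removal link ("rid") was taken from the request instead of being derived from who actually owns the photo ("cid"). The following is an added example, not Facebook's code or Arul Kumar's: a minimal Python model of the flawed pattern next to a hardened one, where the function names, the signing key and the sample photo table are all hypothetical.

```python
import hashlib
import hmac

# Constructed sample data: photo id -> owner profile id (stand-in for a datastore).
PHOTO_OWNERS = {"1001": "alice", "1002": "bob"}
SECRET = b"demo-only-key"  # hypothetical server-side signing key


def removal_token(photo_id, profile_id):
    """Bind a removal link to exactly one photo and one recipient."""
    msg = f"{photo_id}:{profile_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def send_removal_link_vulnerable(params):
    """Flawed pattern: the recipient (rid) is trusted as sent by the client."""
    cid, rid = params["cid"], params["rid"]
    return {"to": rid, "photo": cid, "token": removal_token(cid, rid)}


def send_removal_link_hardened(params):
    """Recipient comes from server-side ownership; a mismatched rid is rejected."""
    cid = params["cid"]
    owner = PHOTO_OWNERS.get(cid)
    if owner is None:
        raise LookupError("unknown photo")
    if params.get("rid") not in (None, owner):
        raise PermissionError("rid does not match the photo owner")
    return {"to": owner, "photo": cid, "token": removal_token(cid, owner)}


def confirm_removal(photo_id, acting_profile, token):
    """Delete only if the token is valid AND the acting profile owns the photo."""
    expected = removal_token(photo_id, acting_profile)
    if not hmac.compare_digest(expected, token):
        return False
    # Ownership is re-checked at confirmation time as defence in depth.
    if PHOTO_OWNERS.get(photo_id) != acting_profile:
        return False
    del PHOTO_OWNERS[photo_id]
    return True
```

The ownership re-check in confirm_removal means that even a link issued to the wrong profile by the flawed handler cannot delete the photo.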