Saturday, November 25, 2017

Image removal vulnerability in Facebook polling feature


  17 comments

Delete any
Image on Facebook





When I was checking out facebook's new features, I noticed that polling feature were added to the posts so I start working on it.

POLL


Whenever a user tries to create a poll, a request containing gif URL or image id will be sent,
poll_question_data[options][][associated_image_id] contains the uploaded image id.




When this field value changes to any other images ID, that image will be shown in poll.
After sending request with another user image ID, a poll containing that image would be created.
Our uploaded image has been replaced by victim's image

At the end when we try to delete the poll, victim's image would be deleted with it by facebook as a poll property.

POC:


I appreciate Facebook security team for resolving this vulnerability quickly.

TimeLine:
3 Nov 2017, 03:16 – Report Sent
3 Nov 2017, 15:25 – Triaged
3 Nov 2017, 16:46 - Temporary fix
5 Nov 2017, 15:03 - Permanent fix
8 Nov 2017   $10,000 Bounty awarded



17 comments :

  1. You such a genius bro.. congrats on your bounty

    ReplyDelete
  2. Replies
    1. He used 'burp suite' for handling http request from facebook.

      Delete
  3. The part buy real instagram followers that chooses regardless of whether people will comprehend your material of niche and visitors industry-unique/ related photos, your profile is very what your potential customers will acknowledge you with. So, the details must be simple and remarkable

    ReplyDelete
  4. I really enjoy reading and also appreciate your work.
    Tube Traffic Machine Review

    ReplyDelete
  5. Hello It’s really a nice and helpful piece of info. I am happy that you shared this helpful info with us. Please stay us informed like this. Thank you for sharing. bye
    Tangki Panel

    ReplyDelete
  6. The superb highly informative blog I’m about to share this with all my contacts.
    buy top domain

    ReplyDelete
  7. I constantly emailed this site post page to all my friends, because if prefer to read it then my all friends will too.
    dot io domain name

    ReplyDelete
  8. Hello, this is fastidious post I actually loved reading this.
    buy dot io domain

    ReplyDelete
  9. Very useful information for people, I think this is what everyone needs. Come to our service and tell the assistant : write a paper for me .

    ReplyDelete
  10. Thanks for your post. seems to be useful for me.

    ReplyDelete
  11. I would like to convey my sincerest and most heartfelt appreciation to you personally for this pay for essay reddit.

    ReplyDelete
  12. Thanks for this information, I think it will come in handy in the future.
    I am a writer and write essays and research articles, if interested, visit my website: https://homeworkfor.me/research-paper-help .

    ReplyDelete
  13. Great and useful article. Creating content regularly is very tough.Thanks you. Write more with https://papercoach.net .

    ReplyDelete
  14. Essentially I signed up after reading wellhello reviews and 48 hours later I found the love of my life, literally. Were married since 2011! In any case, the site was well designed and very easy to use. It was not filled with fake profiles unlike the competition. I recommended it when asked for dating sites suggestion.

    ReplyDelete