Thursday, 12 February 2015

Researcher Could Remove All the Photo Albums On Facebook

A vulnerability in Facebook made ​​it possible to remove all photo albums of users and groups, as discovered an Indian security researcher. Developers of Facebook apps now use the Graph API (application programming interface) to read user data and write. To do this, the API has generally required an access token.

However, according to the documentation of Facebook is not possible to delete the photo albums via the Graph API.Nevertheless, attempted Laxman Muthiyah to do this, giving an error message. It said that the application you could not remove the photo album. What, according to the researcher also showed was that this could be another application.

Therefore he used a "Facebook for mobile" access token that he could remove photo albums. All that was required was the album ID of the Facebook user. Muthiyah warned Facebook and the problem was resolved within two hours. The researcher received for his mention a reward of $ 12,500. On YouTube is to find a demonstration of the vulnerability.

No comments:

Post a Comment