Posts Tagged ‘security’
Paypal Hall Of Fame
Posted: March 21, 2015 in PaypalTags: bug bounty, hall of fame, Paypal, security, vulnerability
Zendesk Responsible Disclosure
Posted: March 21, 2015 in ZendeskTags: bug bounty, responsible disclosure, security, zendesk
Gift from pagerduty for responsibly disclosing vulnerabilties.
Posted: November 21, 2013 in Pagerduty vulnerabilityTags: bounty, bug, pagerduty, responsible disclosure, security, vulnerability
Gifts from LinkedIn for responsibly disclosing multiple vulnerabilties.
Posted: November 21, 2013 in LinkedIn vulnerabilityTags: bugs, Gifts, linkedin, responsible disclosure, security, vulnerability
Tshirt , sipper & hand-written letter
Facebook’s friends list disclosure vulnerability
Posted: August 4, 2013 in Facebook vulnerabilityTags: disclosure, facebook, friends, security, vulnerability
DO YOU WISH TO SEE WHO IS IN YOUR FRIENDS LIST, EVEN WHEN YOUR FRIEND HAS BLOCKED ACCESS TO VIEW HIS FRIENDS LIST?
IF YOUR ANSWER IS ‘YES’, THEN READ THE FOLLOWING PROCEDURE TO VIEW YOUR FRIENDS INACCESSIBLE FRIENDS LIST ON FACEBOOK.
It was JULY 17, 2013 when I discovered this little loophole and I submitted the vulnerability to facebook but then I wasn’t on the ‘Hall of Fame’ and neither did I receive any sort of acknowledgement or recognition.
Well without wasting much time, I will start with the PoC.
Note : Prior to this you should know your friends email address.
The following screenshot is the victims (your friend) privacy setting , it shows that nobody is allowed to see the friends list:
Now the attack, visit http://facebook.com and select “Forgot your password?”
There you will be prompted to enter the email address. Enter the victims email ID:
You will see the following page:
Click “No longer have access to this”.
You will be prompted to enter a new email address. Enter any email ID not associated to facebook.
Press ‘Continue’. You will be asked as to how you want to recover your account.
Click on ‘Recover your account with help from friends’
VOILA ! You see the friends list 😀
I was wondering, “What is the use of such privacy setting when it can be bypassed by abuse of other functionality?”.
Status: Unfixed.
Reported: Yes
PS: Do not go after my account.
-Bhavesh