Joe Balhis

Published On: 09 May 2019

$12,500

Delete any comment on Facebook

IDOR
Facebook | Web
---
HIGH VALID
Description

“The vulnerability is located in the comment id and legacy id of the comments function. Remote attackers with low privileged user accounts are able to delete postings of other users without auth. The attacker can intercept the session and exchange the comment and legacy id to delete or add for example comments,” states the advisory.


Impact

This bug allowed a malicious user to delete any comment on Facebook.

Reproduction Steps

Step 1: Log in to your Facebook account.

Step 2: Post a comment anywhere on a random post.

Step 3: Remove your comment using the standard delete function in Facebook.

Step 4: Capture the header information of the delete request.

Step 5: Go to the victim's account (any account, friend or not, because the issue works for both).

Step 6: Like the victim's comment and capture the request by intercepting the values.

Step 7: Replace your comment id with the victim's comment id, and change the legacy id as well.

Step 8: Replay the tampered request with the manipulated values.

Step 9: The comment is now removed without authorization.

Step 10: Successful reproduction of the security vulnerability that allows deleting any comment of other users.
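The root cause the advisory describes is a delete endpoint that acts on whatever comment id and legacy id the client sends, checking only that a session exists. The following is an added example, not code from the advisory, the reporter or Facebook: a minimal Python model of such a handler next to a version that decides authorization from the stored comment rather than from the request. The store, user names and ids are constructed sample data.

```python
# Added example: IDOR on a comment-delete handler and its fix.
# All users, comment ids and legacy ids below are constructed sample data.

from dataclasses import dataclass


@dataclass
class Comment:
    comment_id: str
    legacy_id: str      # second identifier for the same comment, as in the advisory
    author: str         # user who wrote the comment
    post_owner: str     # user whose post the comment sits on


# Constructed store: "alice" commented on "bob"'s post; "mallory" is unrelated.
COMMENTS = {
    "c1001": Comment("c1001", "legacy-1001", author="alice", post_owner="bob"),
    "c1002": Comment("c1002", "legacy-1002", author="mallory", post_owner="bob"),
}


class Forbidden(Exception):
    """Raised when the session user is not allowed to act on the comment."""


def delete_comment_vulnerable(store, session_user, comment_id, legacy_id):
    """IDOR: the only checks are that a session exists and that the two ids
    match each other. Nothing ties session_user to the comment, so swapping in
    another user's ids (steps 7 and 8 above) deletes that user's comment."""
    c = store.get(comment_id)
    if c is None or c.legacy_id != legacy_id:
        return False
    del store[comment_id]
    return True


def delete_comment_fixed(store, session_user, comment_id, legacy_id):
    """Authorization is derived from the stored object, never from the request:
    only the comment's author or the owner of the post may delete it. A denied
    attempt raises, which is also the event worth logging and alerting on."""
    c = store.get(comment_id)
    if c is None or c.legacy_id != legacy_id:
        return False
    if session_user not in (c.author, c.post_owner):
        raise Forbidden(f"{session_user} may not delete {comment_id}")
    del store[comment_id]
    return True
```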