Kassem Bazzoun

Published On: 06 May 2019

Facebook Bug Bounty - Invariant Detector Reward

Other
Facebook | Web
---
MEDIUM VALID

Hello guys, this is one of the best rewards I got via a bug bounty program, not because of the bounty amount but because of the way Facebook dealt with it: I tested something and didn't pay attention to a security issue that I made, and when Facebook's Invariant Detector triggered, the Facebook Security Team found the bug and sent me a message to reward me for this find!

Description

Intercepting the request while creating a playlist, changing the "custom_thumbnail_id" parameter to any thumbnail list id, and then deleting the playlist deletes the victim's thumbnail as well.

Impact

The issue found would have allowed a malicious user to delete another user's video list thumbnail.

Reproduction Steps

Step 1

I can't remember the issue exactly, but I'll give what I remember from the testing.

1) Opened Creator Studio: https://business.facebook.com/creatorstudio/ and found the list of videos of my page.

Step 2

Edit any video.

Step 3

You'll find a playlist section for the video; click on Create New Playlist.

Step 4

Fill in the required fields, intercept the request, then tap Create Playlist.

Step 5

This is the intercepted request.

Change the custom_thumbnail_id parameter to the id of any thumbnail list that you want to delete (the victim's thumbnail):

POST /showpages/playlists/create/?page_id=page_id&entry_point=video_list_selector_v2 HTTP/1.1

title=sdsds&description=sdsdsd&video_list_order=DATE_POSTED_NEWEST&custom_thumbnail_id=THUMBNAIL_ID_TO_DELETE

Step 6

Finally, send the request and then delete the playlist, so the thumbnail list will be deleted as well.
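The root cause in the steps above is an authorization gap: the create-playlist endpoint trusts the custom_thumbnail_id sent by the client, and the delete cascades to whatever thumbnail the playlist points at. The following is an added example, not Facebook's code, that models that handler pair in memory and shows two independent fixes: checking thumbnail ownership when the playlist is created, and re-checking it before the delete cascade. The store, the page ids ("attacker_page", "victim_page"), the thumbnail id "thumb_victim" and all function names are constructed assumptions for illustration.

```python
"""Added example (not Facebook's code): a create-playlist / delete-playlist
handler pair modelled with and without an ownership check on the
custom_thumbnail_id parameter. All ids, names and the in-memory store are
constructed assumptions used to illustrate the flaw."""
from dataclasses import dataclass, field
from urllib.parse import parse_qs


class Forbidden(Exception):
    """Raised when the caller references a resource it does not own."""


@dataclass
class Thumbnail:
    thumb_id: str
    owner_page_id: str


@dataclass
class Playlist:
    playlist_id: str
    owner_page_id: str
    custom_thumbnail_id: str


@dataclass
class Store:
    thumbnails: dict = field(default_factory=dict)
    playlists: dict = field(default_factory=dict)
    next_id: int = 1


def parse_form(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded body into single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def create_playlist_insecure(store: Store, page_id: str, form: dict) -> str:
    """Vulnerable pattern: trusts custom_thumbnail_id from the request body,
    so a playlist owned by page_id can be bound to someone else's thumbnail."""
    pid = f"pl{store.next_id}"
    store.next_id += 1
    store.playlists[pid] = Playlist(pid, page_id, form["custom_thumbnail_id"])
    return pid


def create_playlist_secure(store: Store, page_id: str, form: dict) -> str:
    """Fix 1: the referenced thumbnail must exist and belong to page_id."""
    thumb = store.thumbnails.get(form["custom_thumbnail_id"])
    if thumb is None or thumb.owner_page_id != page_id:
        raise Forbidden("custom_thumbnail_id is not owned by the requesting page")
    return create_playlist_insecure(store, page_id, form)


def delete_playlist_insecure(store: Store, page_id: str, playlist_id: str) -> None:
    """Vulnerable cascade: removes whatever thumbnail the playlist points at."""
    pl = store.playlists.get(playlist_id)
    if pl is None or pl.owner_page_id != page_id:
        raise Forbidden("playlist is not owned by the requesting page")
    del store.playlists[playlist_id]
    store.thumbnails.pop(pl.custom_thumbnail_id, None)


def delete_playlist_secure(store: Store, page_id: str, playlist_id: str) -> None:
    """Fix 2 (defence in depth): the cascade only removes a thumbnail the
    requesting page actually owns, so a foreign binding cannot delete it."""
    pl = store.playlists.get(playlist_id)
    if pl is None or pl.owner_page_id != page_id:
        raise Forbidden("playlist is not owned by the requesting page")
    del store.playlists[playlist_id]
    thumb = store.thumbnails.get(pl.custom_thumbnail_id)
    if thumb is not None and thumb.owner_page_id == page_id:
        del store.thumbnails[pl.custom_thumbnail_id]


def victim_thumbnail_survives(create, delete) -> bool:
    """Run the write-up's scenario against a handler pair and report whether
    the victim's thumbnail still exists afterwards."""
    store = Store()
    store.thumbnails["thumb_victim"] = Thumbnail("thumb_victim", "victim_page")
    # Constructed body in the shape shown in step 5, with the thumbnail id
    # pointing at a thumbnail the requesting page does not own.
    form = parse_form(
        "title=t&description=d&video_list_order=DATE_POSTED_NEWEST"
        "&custom_thumbnail_id=thumb_victim"
    )
    try:
        pid = create(store, "attacker_page", form)
        delete(store, "attacker_page", pid)
    except Forbidden:
        pass  # request rejected: nothing was bound or deleted
    return "thumb_victim" in store.thumbnails


if __name__ == "__main__":
    print("both insecure :", victim_thumbnail_survives(create_playlist_insecure, delete_playlist_insecure))
    print("create fixed  :", victim_thumbnail_survives(create_playlist_secure, delete_playlist_insecure))
    print("delete fixed  :", victim_thumbnail_survives(create_playlist_insecure, delete_playlist_secure))
```

Either fix alone closes the reported path, but checking at bind time is the one to rely on: a foreign id should never be persisted in the first place, and the cascade check only protects against deletes, not against other actions the bound thumbnail may later be used for.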

Thanks!

I would like to thank the Facebook Security Team for this reward :), and that's why I trust the Facebook bug bounty program!

Timeline

Facebook, 21 Dec 2018

Invariant Detector Reward: Dear Kassem, You may be aware that at Facebook we use a system called Invariant Detector to block potential security issues (we posted details h ...

Kassem, 21 Dec 2018

Asking Facebook if the email was sent by them

Facebook, 21 Dec 2018

Confirmation about the email: That email did come from us :). Your testing triggered IVD and led us to discovering a security issue so we'd like to reward you. I'm going to ...

Facebook, 27 Dec 2018

Bounty Awarded: After reviewing this issue, we have decided to award you a bounty of [ .... ]. Below is an explanation of the bounty amount. Facebook fulfills it ...

Kassem, 27 Dec 2018

Sending a thank-you message to the Facebook Bug Bounty team
