
Published On: 17 May 2019

Vertical Privilege Escalation in Facebook Group

Category: Privacy/Authentication
Platform: Facebook | iOS
Severity: HIGH
Status: VALID

Thanks to @Max (Max Pasqua) for writing this write-up for me.

Description

This bug allowed an attacker who held any role on a Facebook Page to make a user (including themselves) a moderator of a group, by issuing the moderator-add mutation with the Page as the acting entity (actor_id). Any Page role was accepted, not only Page admin. The preconditions are that the Page is an admin of the group and the attacker is a member of that group.

Impact

Anyone with a role on the Page, however limited, could use this to add themselves as a group moderator, gaining moderation privileges in the group that their Page role alone would not grant. This is a vertical privilege escalation: a low-privilege Page role is turned into a group moderator role.

Reproduction Steps

Step 1

HTTP POST graph.facebook.com/graphql/

query_id=QUERYID

query_params={"0":{"user_id":"UserID","admin_type":"MODERATOR","actor_id":"PageID","client_mutation_id":"","source":"treehouse_group_mall","group_id":"GroupID"}}

Placeholders: QUERYID is the redacted id of the GraphQL mutation; PageID is the Page that is an admin of the group (the attacker holds any role on it); GroupID is the target group, of which the attacker is a member; UserID is the account to promote, which can be the attacker's own. The request is sent from the attacker's own session, with the Page supplied as actor_id.
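The following is an added example, not Facebook's code or the reporter's, modelling the authorization gap the request above exploits: a mutation that lets a user act as a Page (actor_id differs from the logged-in user) must check that the user's role on that Page permits the specific action, not merely that the user has some role. The data model, the Page role names, the rule that only a Page ADMIN may manage group roles for the Page, and the scenario ids (p_page, g_group, u_attacker, u_owner, u_other) are assumptions made for illustration; the request field names follow the reproduction step.

```python
"""Model of the "act as a Page" authorization gap behind this report.

Added example, not Facebook's code. The data model, the Page role names and
the rule that only a Page ADMIN may manage group roles on the Page's behalf
are assumptions made for illustration; the request fields (actor_id, user_id,
group_id, admin_type) follow the reproduction step above.
"""
from dataclasses import dataclass, field

# Assumption: Page roles as of 2019, and which of them may act for the Page
# inside a group. The vulnerable check below ignores this distinction.
PAGE_ROLES = {"ADMIN", "EDITOR", "MODERATOR", "ADVERTISER", "ANALYST"}
PAGE_ROLES_THAT_MAY_MANAGE_GROUPS = {"ADMIN"}
GROUP_ADMIN_TYPES = {"ADMIN", "MODERATOR"}


@dataclass
class Page:
    page_id: str
    roles: dict = field(default_factory=dict)   # user_id -> Page role


@dataclass
class Group:
    group_id: str
    members: set = field(default_factory=set)   # user_ids
    admins: dict = field(default_factory=dict)  # actor_id (user or Page) -> admin type


class Forbidden(Exception):
    pass


def _check_group_side(groups, actor_id, group_id, user_id, admin_type):
    """Checks both versions share: the acting entity must be a group admin
    and the target must already be a member."""
    group = groups[group_id]
    if admin_type not in GROUP_ADMIN_TYPES:
        raise Forbidden("unknown admin_type")
    if group.admins.get(actor_id) != "ADMIN":
        raise Forbidden("actor_id is not an admin of this group")
    if user_id not in group.members:
        raise Forbidden("user_id is not a member of this group")
    return group


def add_group_admin_vulnerable(pages, groups, session_user, actor_id,
                               group_id, user_id, admin_type):
    """Flawed: any role on the Page lets the caller act as the Page."""
    group = _check_group_side(groups, actor_id, group_id, user_id, admin_type)
    if actor_id != session_user:
        page = pages.get(actor_id)
        if page is None or session_user not in page.roles:
            raise Forbidden("caller has no role on the acting Page")
    group.admins[user_id] = admin_type
    return True


def add_group_admin_fixed(pages, groups, session_user, actor_id,
                          group_id, user_id, admin_type):
    """Hardened: the caller's own Page role must permit this action."""
    group = _check_group_side(groups, actor_id, group_id, user_id, admin_type)
    if actor_id != session_user:
        page = pages.get(actor_id)
        role = page.roles.get(session_user) if page else None
        if role not in PAGE_ROLES_THAT_MAY_MANAGE_GROUPS:
            raise Forbidden(f"Page role {role!r} may not manage groups for the Page")
    group.admins[user_id] = admin_type
    return True


def _fresh_state():
    """Constructed scenario matching the report's preconditions: the Page
    p_page is an admin of g_group, and u_attacker is both a group member and
    a low-privilege (ANALYST) role holder on the Page."""
    pages = {"p_page": Page("p_page", {"u_owner": "ADMIN", "u_attacker": "ANALYST"})}
    groups = {"g_group": Group("g_group", members={"u_owner", "u_attacker", "u_other"},
                               admins={"p_page": "ADMIN"})}
    return pages, groups


def _attempt(fn, session_user, user_id):
    """Run one mutation against fresh state; True if it was accepted."""
    pages, groups = _fresh_state()
    try:
        return fn(pages, groups, session_user, "p_page", "g_group", user_id, "MODERATOR")
    except Forbidden:
        return False


def demo():
    """Outcome of the reported request under each check."""
    return {
        # attacker promotes themself via the Page: accepted by the flawed check
        "vulnerable_analyst": _attempt(add_group_admin_vulnerable, "u_attacker", "u_attacker"),
        # same request after the fix: rejected
        "fixed_analyst": _attempt(add_group_admin_fixed, "u_attacker", "u_attacker"),
        # a genuine Page admin still can, so the fix does not break the feature
        "fixed_page_admin": _attempt(add_group_admin_fixed, "u_owner", "u_attacker"),
        # a member with no Page role at all was already rejected
        "vulnerable_no_role": _attempt(add_group_admin_vulnerable, "u_other", "u_other"),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:22s} {'ACCEPTED' if accepted else 'rejected'}")
```

The point of the fixed version is that the check is made against the caller's role on the Page for this particular action, and that the Page's own status as group admin is never enough on its own: being able to act as the Page in some capacity must not be treated as being able to act as the Page in every capacity.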

Timeline

19 Dec 2018, Reporter: Initial Report

22 Dec 2018, Facebook, Pre-triage: Hi Richard, Thank you for your submission. We've managed to reproduce your report and will get back to you once we have had a chance to investi ...

01 Jan 2019, Facebook, Triaged: Hi Richard, Thank you for reporting this information to us. We are sending it to the appropriate product team for further investigation. We will ...

09 Jan 2019, Facebook, Fixed: Hi Richard, We have looked into this issue and believe that the vulnerability has been patched. Please let us know if you believe that the patch ...

09 Jan 2019, Reporter: Confirmation

11 Jan 2019, Facebook, Bounty Awarded: Hi Richard Cao, After reviewing this issue, we have decided to award you a bounty of $10000. Below is an explanation of the bounty amount. Faceb ...
